Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-27664 (GCVE-0-2022-27664)
Vulnerability from cvelistv5 – Published: 2022-09-06 17:29 – Updated: 2024-08-03 05:32
VLAI
EPSS
Summary
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://groups.google.com/g/golang-announce | x_refsource_MISC |
| https://groups.google.com/g/golang-announce/c/x49… | x_refsource_CONFIRM |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://security.netapp.com/advisory/ntap-2022092… | x_refsource_CONFIRM |
| https://security.gentoo.org/glsa/202209-26 | vendor-advisoryx_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.884Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s"
},
{
"name": "FEDORA-2022-67ec8c61d0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/"
},
{
"name": "FEDORA-2022-45097317b4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220923-0004/"
},
{
"name": "GLSA-202209-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202209-26"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-29T16:06:56.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/g/golang-announce"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s"
},
{
"name": "FEDORA-2022-67ec8c61d0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/"
},
{
"name": "FEDORA-2022-45097317b4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220923-0004/"
},
{
"name": "GLSA-202209-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202209-26"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-27664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/g/golang-announce",
"refsource": "MISC",
"url": "https://groups.google.com/g/golang-announce"
},
{
"name": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s",
"refsource": "CONFIRM",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s"
},
{
"name": "FEDORA-2022-67ec8c61d0",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/"
},
{
"name": "FEDORA-2022-45097317b4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220923-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220923-0004/"
},
{
"name": "GLSA-202209-26",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202209-26"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-27664",
"datePublished": "2022-09-06T17:29:08.000Z",
"dateReserved": "2022-03-23T00:00:00.000Z",
"dateUpdated": "2024-08-03T05:32:59.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-27664",
"date": "2026-05-27",
"epss": "0.00098",
"percentile": "0.26741"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-27664\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-09-06T18:15:12.747\",\"lastModified\":\"2024-11-21T06:56:07.703\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.\"},{\"lang\":\"es\",\"value\":\"En net/http en Go versiones anteriores a 1.18.6 y 1.19.x anteriores a 1.19.1, los atacantes pueden causar una denegaci\u00f3n de servicio porque una conexi\u00f3n HTTP/2 puede colgarse durante el cierre si el apagado fue adelantado por un error fatal.\\n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.18.6\",\"matchCriteriaId\":\"5FD1F793-7C7B-454B-BD2D-CE56C91E8573\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:1.19.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6173F8B9-F925-4166-9D3A-6793082D6A6F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"}]}]}],\"references\":[{\"url\":\"https://groups.google.com/g/golang-announce\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/x49AQzIVX-s\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/202209-26\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20220923-0004/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://groups.google.com/g/golang-announce\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/x49AQzIVX-s\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202209-26\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20220923-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
RHSA-2022:8626
Vulnerability from csaf_redhat - Published: 2022-11-28 20:47 - Updated: 2026-05-11 14:40Summary
Red Hat Security Advisory: OpenShift Container Platform 4.11.17 packages and security update
Severity
Moderate
Notes
Topic: Red Hat OpenShift Container Platform release 4.11.17 is now available with
updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.11.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Details: Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.17. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2022:8627
Security Fix(es):
* golang: net/http: improper sanitization of Transfer-Encoding header
(CVE-2022-1705)
* golang: net/http: handle server errors after sending GOAWAY
(CVE-2022-27664)
* golang: net/http/httputil: NewSingleHostReverseProxy - omit
X-Forwarded-For not working (CVE-2022-32148)
* golang: math/big: decoding big.Float and big.Rat types can panic if the
encoded message is too short, potentially allowing a denial of service
(CVE-2022-32189)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s)
listed in the References section.
All OpenShift Container Platform 4.11 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.
6.5 (Medium)
Affected products
Fixed
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.x86_64 | — |
Vendor Fix
fix
|
Known not affected
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:openshift-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-IRONIC-4.11:python-sushy-0:4.1.3-0.20221107175431.1da4385.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-IRONIC-4.11:python3-sushy-0:4.1.3-0.20221107175431.1da4385.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-IRONIC-4.11:python3-sushy-tests-0:4.1.3-0.20221107175431.1da4385.el8.noarch | — |
Threats
Impact
Moderate
A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.
6.5 (Medium)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.x86_64 | — |
Vendor Fix
fix
|
Known not affected
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:openshift-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-IRONIC-4.11:python-sushy-0:4.1.3-0.20221107175431.1da4385.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-IRONIC-4.11:python3-sushy-0:4.1.3-0.20221107175431.1da4385.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-IRONIC-4.11:python3-sushy-tests-0:4.1.3-0.20221107175431.1da4385.el8.noarch | — |
Threats
Impact
Moderate
A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.
6.5 (Medium)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64 | — |
Vendor Fix
fix
|
Known not affected
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:openshift-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-IRONIC-4.11:python-sushy-0:4.1.3-0.20221107175431.1da4385.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-IRONIC-4.11:python3-sushy-0:4.1.3-0.20221107175431.1da4385.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-IRONIC-4.11:python3-sushy-tests-0:4.1.3-0.20221107175431.1da4385.el8.noarch | — |
Threats
Impact
Moderate
An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.
6.5 (Medium)
Affected products
Fixed
47 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.11:openshift-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.src | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-IRONIC-4.11:python-sushy-0:4.1.3-0.20221107175431.1da4385.el8.src | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-IRONIC-4.11:python3-sushy-0:4.1.3-0.20221107175431.1da4385.el8.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-IRONIC-4.11:python3-sushy-tests-0:4.1.3-0.20221107175431.1da4385.el8.noarch | — |
Workaround
|
Threats
Impact
Low
References
31 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.11.17 is now available with\nupdates to packages and images that fix several bugs and add enhancements.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.11.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.17. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2022:8627\n\nSecurity Fix(es):\n\n* golang: net/http: improper sanitization of Transfer-Encoding header\n(CVE-2022-1705)\n* golang: net/http: handle server errors after sending GOAWAY\n(CVE-2022-27664)\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit\nX-Forwarded-For not working (CVE-2022-32148)\n* golang: math/big: decoding big.Float and big.Rat types can panic if the\nencoded message is too short, potentially allowing a denial of service\n(CVE-2022-32189)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s)\nlisted in the References section.\n\nAll OpenShift Container Platform 4.11 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:8626",
"url": "https://access.redhat.com/errata/RHSA-2022:8626"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2107374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
},
{
"category": "external",
"summary": "2107383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
},
{
"category": "external",
"summary": "2113814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814"
},
{
"category": "external",
"summary": "2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "OCPBUGS-4045",
"url": "https://issues.redhat.com/browse/OCPBUGS-4045"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8626.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.11.17 packages and security update",
"tracking": {
"current_release_date": "2026-05-11T14:40:26+00:00",
"generator": {
"date": "2026-05-11T14:40:26+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.9"
}
},
"id": "RHSA-2022:8626",
"initial_release_date": "2022-11-28T20:47:08+00:00",
"revision_history": [
{
"date": "2022-11-28T20:47:08+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-11-28T20:47:08+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-11T14:40:26+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.11",
"product": {
"name": "Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.11::el8"
}
}
},
{
"category": "product_name",
"name": "Ironic content for Red Hat OpenShift Container Platform 4.11",
"product": {
"name": "Ironic content for Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-IRONIC-4.11",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_ironic:4.11::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.src",
"product": {
"name": "cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.src",
"product_id": "cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.24.3-6.rhaos4.11.gitc4567c0.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "cri-tools-0:1.24.2-7.el8.src",
"product": {
"name": "cri-tools-0:1.24.2-7.el8.src",
"product_id": "cri-tools-0:1.24.2-7.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-tools@1.24.2-7.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "ignition-0:2.14.0-5.rhaos4.11.el8.src",
"product": {
"name": "ignition-0:2.14.0-5.rhaos4.11.el8.src",
"product_id": "ignition-0:2.14.0-5.rhaos4.11.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition@2.14.0-5.rhaos4.11.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.src",
"product": {
"name": "openshift-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.src",
"product_id": "openshift-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift@4.11.0-202211091106.p0.g5658434.assembly.stream.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-sushy-0:4.1.3-0.20221107175431.1da4385.el8.src",
"product": {
"name": "python-sushy-0:4.1.3-0.20221107175431.1da4385.el8.src",
"product_id": "python-sushy-0:4.1.3-0.20221107175431.1da4385.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-sushy@4.1.3-0.20221107175431.1da4385.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64",
"product": {
"name": "cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64",
"product_id": "cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.24.3-6.rhaos4.11.gitc4567c0.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64",
"product": {
"name": "cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64",
"product_id": "cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debugsource@1.24.3-6.rhaos4.11.gitc4567c0.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64",
"product": {
"name": "cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64",
"product_id": "cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.24.3-6.rhaos4.11.gitc4567c0.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-tools-0:1.24.2-7.el8.x86_64",
"product": {
"name": "cri-tools-0:1.24.2-7.el8.x86_64",
"product_id": "cri-tools-0:1.24.2-7.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-tools@1.24.2-7.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-tools-debugsource-0:1.24.2-7.el8.x86_64",
"product": {
"name": "cri-tools-debugsource-0:1.24.2-7.el8.x86_64",
"product_id": "cri-tools-debugsource-0:1.24.2-7.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-tools-debugsource@1.24.2-7.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-tools-debuginfo-0:1.24.2-7.el8.x86_64",
"product": {
"name": "cri-tools-debuginfo-0:1.24.2-7.el8.x86_64",
"product_id": "cri-tools-debuginfo-0:1.24.2-7.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-tools-debuginfo@1.24.2-7.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ignition-0:2.14.0-5.rhaos4.11.el8.x86_64",
"product": {
"name": "ignition-0:2.14.0-5.rhaos4.11.el8.x86_64",
"product_id": "ignition-0:2.14.0-5.rhaos4.11.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition@2.14.0-5.rhaos4.11.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ignition-validate-0:2.14.0-5.rhaos4.11.el8.x86_64",
"product": {
"name": "ignition-validate-0:2.14.0-5.rhaos4.11.el8.x86_64",
"product_id": "ignition-validate-0:2.14.0-5.rhaos4.11.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-validate@2.14.0-5.rhaos4.11.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.x86_64",
"product": {
"name": "ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.x86_64",
"product_id": "ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-debugsource@2.14.0-5.rhaos4.11.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.x86_64",
"product": {
"name": "ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.x86_64",
"product_id": "ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-debuginfo@2.14.0-5.rhaos4.11.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.x86_64",
"product": {
"name": "ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.x86_64",
"product_id": "ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-validate-debuginfo@2.14.0-5.rhaos4.11.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.x86_64",
"product": {
"name": "openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.x86_64",
"product_id": "openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.11.0-202211091106.p0.g5658434.assembly.stream.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64",
"product": {
"name": "cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64",
"product_id": "cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.24.3-6.rhaos4.11.gitc4567c0.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64",
"product": {
"name": "cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64",
"product_id": "cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debugsource@1.24.3-6.rhaos4.11.gitc4567c0.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64",
"product": {
"name": "cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64",
"product_id": "cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.24.3-6.rhaos4.11.gitc4567c0.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cri-tools-0:1.24.2-7.el8.aarch64",
"product": {
"name": "cri-tools-0:1.24.2-7.el8.aarch64",
"product_id": "cri-tools-0:1.24.2-7.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-tools@1.24.2-7.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cri-tools-debugsource-0:1.24.2-7.el8.aarch64",
"product": {
"name": "cri-tools-debugsource-0:1.24.2-7.el8.aarch64",
"product_id": "cri-tools-debugsource-0:1.24.2-7.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-tools-debugsource@1.24.2-7.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cri-tools-debuginfo-0:1.24.2-7.el8.aarch64",
"product": {
"name": "cri-tools-debuginfo-0:1.24.2-7.el8.aarch64",
"product_id": "cri-tools-debuginfo-0:1.24.2-7.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-tools-debuginfo@1.24.2-7.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ignition-0:2.14.0-5.rhaos4.11.el8.aarch64",
"product": {
"name": "ignition-0:2.14.0-5.rhaos4.11.el8.aarch64",
"product_id": "ignition-0:2.14.0-5.rhaos4.11.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition@2.14.0-5.rhaos4.11.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ignition-validate-0:2.14.0-5.rhaos4.11.el8.aarch64",
"product": {
"name": "ignition-validate-0:2.14.0-5.rhaos4.11.el8.aarch64",
"product_id": "ignition-validate-0:2.14.0-5.rhaos4.11.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-validate@2.14.0-5.rhaos4.11.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.aarch64",
"product": {
"name": "ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.aarch64",
"product_id": "ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-debugsource@2.14.0-5.rhaos4.11.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.aarch64",
"product": {
"name": "ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.aarch64",
"product_id": "ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-debuginfo@2.14.0-5.rhaos4.11.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.aarch64",
"product": {
"name": "ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.aarch64",
"product_id": "ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-validate-debuginfo@2.14.0-5.rhaos4.11.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.aarch64",
"product": {
"name": "openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.aarch64",
"product_id": "openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.11.0-202211091106.p0.g5658434.assembly.stream.el8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le",
"product": {
"name": "cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le",
"product_id": "cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.24.3-6.rhaos4.11.gitc4567c0.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le",
"product": {
"name": "cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le",
"product_id": "cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debugsource@1.24.3-6.rhaos4.11.gitc4567c0.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le",
"product": {
"name": "cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le",
"product_id": "cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.24.3-6.rhaos4.11.gitc4567c0.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cri-tools-0:1.24.2-7.el8.ppc64le",
"product": {
"name": "cri-tools-0:1.24.2-7.el8.ppc64le",
"product_id": "cri-tools-0:1.24.2-7.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-tools@1.24.2-7.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cri-tools-debugsource-0:1.24.2-7.el8.ppc64le",
"product": {
"name": "cri-tools-debugsource-0:1.24.2-7.el8.ppc64le",
"product_id": "cri-tools-debugsource-0:1.24.2-7.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-tools-debugsource@1.24.2-7.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cri-tools-debuginfo-0:1.24.2-7.el8.ppc64le",
"product": {
"name": "cri-tools-debuginfo-0:1.24.2-7.el8.ppc64le",
"product_id": "cri-tools-debuginfo-0:1.24.2-7.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-tools-debuginfo@1.24.2-7.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ignition-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"product": {
"name": "ignition-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"product_id": "ignition-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition@2.14.0-5.rhaos4.11.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ignition-validate-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"product": {
"name": "ignition-validate-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"product_id": "ignition-validate-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-validate@2.14.0-5.rhaos4.11.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"product": {
"name": "ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"product_id": "ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-debugsource@2.14.0-5.rhaos4.11.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"product": {
"name": "ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"product_id": "ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-debuginfo@2.14.0-5.rhaos4.11.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"product": {
"name": "ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"product_id": "ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-validate-debuginfo@2.14.0-5.rhaos4.11.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.ppc64le",
"product": {
"name": "openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.ppc64le",
"product_id": "openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.11.0-202211091106.p0.g5658434.assembly.stream.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x",
"product": {
"name": "cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x",
"product_id": "cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.24.3-6.rhaos4.11.gitc4567c0.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x",
"product": {
"name": "cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x",
"product_id": "cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debugsource@1.24.3-6.rhaos4.11.gitc4567c0.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x",
"product": {
"name": "cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x",
"product_id": "cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.24.3-6.rhaos4.11.gitc4567c0.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cri-tools-0:1.24.2-7.el8.s390x",
"product": {
"name": "cri-tools-0:1.24.2-7.el8.s390x",
"product_id": "cri-tools-0:1.24.2-7.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-tools@1.24.2-7.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cri-tools-debugsource-0:1.24.2-7.el8.s390x",
"product": {
"name": "cri-tools-debugsource-0:1.24.2-7.el8.s390x",
"product_id": "cri-tools-debugsource-0:1.24.2-7.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-tools-debugsource@1.24.2-7.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cri-tools-debuginfo-0:1.24.2-7.el8.s390x",
"product": {
"name": "cri-tools-debuginfo-0:1.24.2-7.el8.s390x",
"product_id": "cri-tools-debuginfo-0:1.24.2-7.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-tools-debuginfo@1.24.2-7.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ignition-0:2.14.0-5.rhaos4.11.el8.s390x",
"product": {
"name": "ignition-0:2.14.0-5.rhaos4.11.el8.s390x",
"product_id": "ignition-0:2.14.0-5.rhaos4.11.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition@2.14.0-5.rhaos4.11.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ignition-validate-0:2.14.0-5.rhaos4.11.el8.s390x",
"product": {
"name": "ignition-validate-0:2.14.0-5.rhaos4.11.el8.s390x",
"product_id": "ignition-validate-0:2.14.0-5.rhaos4.11.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-validate@2.14.0-5.rhaos4.11.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.s390x",
"product": {
"name": "ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.s390x",
"product_id": "ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-debugsource@2.14.0-5.rhaos4.11.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.s390x",
"product": {
"name": "ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.s390x",
"product_id": "ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-debuginfo@2.14.0-5.rhaos4.11.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.s390x",
"product": {
"name": "ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.s390x",
"product_id": "ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-validate-debuginfo@2.14.0-5.rhaos4.11.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.s390x",
"product": {
"name": "openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.s390x",
"product_id": "openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.11.0-202211091106.p0.g5658434.assembly.stream.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-sushy-0:4.1.3-0.20221107175431.1da4385.el8.noarch",
"product": {
"name": "python3-sushy-0:4.1.3-0.20221107175431.1da4385.el8.noarch",
"product_id": "python3-sushy-0:4.1.3-0.20221107175431.1da4385.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-sushy@4.1.3-0.20221107175431.1da4385.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-sushy-tests-0:4.1.3-0.20221107175431.1da4385.el8.noarch",
"product": {
"name": "python3-sushy-tests-0:4.1.3-0.20221107175431.1da4385.el8.noarch",
"product_id": "python3-sushy-tests-0:4.1.3-0.20221107175431.1da4385.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-sushy-tests@4.1.3-0.20221107175431.1da4385.el8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64"
},
"product_reference": "cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le"
},
"product_reference": "cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x"
},
"product_reference": "cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.src as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.src"
},
"product_reference": "cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64"
},
"product_reference": "cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64"
},
"product_reference": "cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le"
},
"product_reference": "cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x"
},
"product_reference": "cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64"
},
"product_reference": "cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64"
},
"product_reference": "cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le"
},
"product_reference": "cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x"
},
"product_reference": "cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64"
},
"product_reference": "cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-tools-0:1.24.2-7.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.aarch64"
},
"product_reference": "cri-tools-0:1.24.2-7.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-tools-0:1.24.2-7.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.ppc64le"
},
"product_reference": "cri-tools-0:1.24.2-7.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-tools-0:1.24.2-7.el8.s390x as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.s390x"
},
"product_reference": "cri-tools-0:1.24.2-7.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-tools-0:1.24.2-7.el8.src as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.src"
},
"product_reference": "cri-tools-0:1.24.2-7.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-tools-0:1.24.2-7.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.x86_64"
},
"product_reference": "cri-tools-0:1.24.2-7.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-tools-debuginfo-0:1.24.2-7.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.aarch64"
},
"product_reference": "cri-tools-debuginfo-0:1.24.2-7.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-tools-debuginfo-0:1.24.2-7.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.ppc64le"
},
"product_reference": "cri-tools-debuginfo-0:1.24.2-7.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-tools-debuginfo-0:1.24.2-7.el8.s390x as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.s390x"
},
"product_reference": "cri-tools-debuginfo-0:1.24.2-7.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-tools-debuginfo-0:1.24.2-7.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.x86_64"
},
"product_reference": "cri-tools-debuginfo-0:1.24.2-7.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-tools-debugsource-0:1.24.2-7.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.aarch64"
},
"product_reference": "cri-tools-debugsource-0:1.24.2-7.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-tools-debugsource-0:1.24.2-7.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.ppc64le"
},
"product_reference": "cri-tools-debugsource-0:1.24.2-7.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-tools-debugsource-0:1.24.2-7.el8.s390x as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.s390x"
},
"product_reference": "cri-tools-debugsource-0:1.24.2-7.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-tools-debugsource-0:1.24.2-7.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.x86_64"
},
"product_reference": "cri-tools-debugsource-0:1.24.2-7.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-0:2.14.0-5.rhaos4.11.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.aarch64"
},
"product_reference": "ignition-0:2.14.0-5.rhaos4.11.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-0:2.14.0-5.rhaos4.11.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.ppc64le"
},
"product_reference": "ignition-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-0:2.14.0-5.rhaos4.11.el8.s390x as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.s390x"
},
"product_reference": "ignition-0:2.14.0-5.rhaos4.11.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-0:2.14.0-5.rhaos4.11.el8.src as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.src"
},
"product_reference": "ignition-0:2.14.0-5.rhaos4.11.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-0:2.14.0-5.rhaos4.11.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.x86_64"
},
"product_reference": "ignition-0:2.14.0-5.rhaos4.11.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.aarch64"
},
"product_reference": "ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.ppc64le"
},
"product_reference": "ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.s390x as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.s390x"
},
"product_reference": "ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.x86_64"
},
"product_reference": "ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.aarch64"
},
"product_reference": "ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.ppc64le"
},
"product_reference": "ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.s390x as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.s390x"
},
"product_reference": "ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.x86_64"
},
"product_reference": "ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-validate-0:2.14.0-5.rhaos4.11.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.aarch64"
},
"product_reference": "ignition-validate-0:2.14.0-5.rhaos4.11.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-validate-0:2.14.0-5.rhaos4.11.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.ppc64le"
},
"product_reference": "ignition-validate-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-validate-0:2.14.0-5.rhaos4.11.el8.s390x as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.s390x"
},
"product_reference": "ignition-validate-0:2.14.0-5.rhaos4.11.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-validate-0:2.14.0-5.rhaos4.11.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.x86_64"
},
"product_reference": "ignition-validate-0:2.14.0-5.rhaos4.11.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.aarch64"
},
"product_reference": "ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.ppc64le"
},
"product_reference": "ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.s390x as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.s390x"
},
"product_reference": "ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.x86_64"
},
"product_reference": "ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.src as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:openshift-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.src"
},
"product_reference": "openshift-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.aarch64"
},
"product_reference": "openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.ppc64le"
},
"product_reference": "openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.s390x as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.s390x"
},
"product_reference": "openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.x86_64"
},
"product_reference": "openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-sushy-0:4.1.3-0.20221107175431.1da4385.el8.src as a component of Ironic content for Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-IRONIC-4.11:python-sushy-0:4.1.3-0.20221107175431.1da4385.el8.src"
},
"product_reference": "python-sushy-0:4.1.3-0.20221107175431.1da4385.el8.src",
"relates_to_product_reference": "8Base-RHOSE-IRONIC-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-sushy-0:4.1.3-0.20221107175431.1da4385.el8.noarch as a component of Ironic content for Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-IRONIC-4.11:python3-sushy-0:4.1.3-0.20221107175431.1da4385.el8.noarch"
},
"product_reference": "python3-sushy-0:4.1.3-0.20221107175431.1da4385.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-IRONIC-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-sushy-tests-0:4.1.3-0.20221107175431.1da4385.el8.noarch as a component of Ironic content for Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-IRONIC-4.11:python3-sushy-tests-0:4.1.3-0.20221107175431.1da4385.el8.noarch"
},
"product_reference": "python3-sushy-tests-0:4.1.3-0.20221107175431.1da4385.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-IRONIC-4.11"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-1705",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.src",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:openshift-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.src",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.aarch64",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.s390x",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.x86_64",
"8Base-RHOSE-IRONIC-4.11:python-sushy-0:4.1.3-0.20221107175431.1da4385.el8.src",
"8Base-RHOSE-IRONIC-4.11:python3-sushy-0:4.1.3-0.20221107175431.1da4385.el8.noarch",
"8Base-RHOSE-IRONIC-4.11:python3-sushy-tests-0:4.1.3-0.20221107175431.1da4385.el8.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107374"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating \"chunked\" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: improper sanitization of Transfer-Encoding header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x",
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.src",
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.aarch64",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.ppc64le",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.s390x",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.src",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.x86_64",
"8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.aarch64",
"8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.ppc64le",
"8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.s390x",
"8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.x86_64",
"8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.aarch64",
"8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.ppc64le",
"8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.s390x",
"8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.x86_64"
],
"known_not_affected": [
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.src",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:openshift-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.src",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.aarch64",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.s390x",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.x86_64",
"8Base-RHOSE-IRONIC-4.11:python-sushy-0:4.1.3-0.20221107175431.1da4385.el8.src",
"8Base-RHOSE-IRONIC-4.11:python3-sushy-0:4.1.3-0.20221107175431.1da4385.el8.noarch",
"8Base-RHOSE-IRONIC-4.11:python3-sushy-tests-0:4.1.3-0.20221107175431.1da4385.el8.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1705"
},
{
"category": "external",
"summary": "RHBZ#2107374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705"
},
{
"category": "external",
"summary": "https://go.dev/issue/53188",
"url": "https://go.dev/issue/53188"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-28T20:47:08+00:00",
"details": "See the following documentation, which will be updated shortly for this\nrelease, for important instructions on how to upgrade your cluster and\nfully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x",
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.src",
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.aarch64",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.ppc64le",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.s390x",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.src",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.x86_64",
"8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.aarch64",
"8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.ppc64le",
"8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.s390x",
"8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.x86_64",
"8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.aarch64",
"8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.ppc64le",
"8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.s390x",
"8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8626"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x",
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.src",
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.aarch64",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.ppc64le",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.s390x",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.src",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.x86_64",
"8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.aarch64",
"8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.ppc64le",
"8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.s390x",
"8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.x86_64",
"8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.aarch64",
"8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.ppc64le",
"8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.s390x",
"8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.x86_64",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.src",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:openshift-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.src",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.aarch64",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.s390x",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.x86_64",
"8Base-RHOSE-IRONIC-4.11:python-sushy-0:4.1.3-0.20221107175431.1da4385.el8.src",
"8Base-RHOSE-IRONIC-4.11:python3-sushy-0:4.1.3-0.20221107175431.1da4385.el8.noarch",
"8Base-RHOSE-IRONIC-4.11:python3-sushy-tests-0:4.1.3-0.20221107175431.1da4385.el8.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: improper sanitization of Transfer-Encoding header"
},
{
"cve": "CVE-2022-27664",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x",
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.src",
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.src",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:openshift-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.src",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.aarch64",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.s390x",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.x86_64",
"8Base-RHOSE-IRONIC-4.11:python-sushy-0:4.1.3-0.20221107175431.1da4385.el8.src",
"8Base-RHOSE-IRONIC-4.11:python3-sushy-0:4.1.3-0.20221107175431.1da4385.el8.noarch",
"8Base-RHOSE-IRONIC-4.11:python3-sushy-tests-0:4.1.3-0.20221107175431.1da4385.el8.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124669"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: handle server errors after sending GOAWAY",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.aarch64",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.ppc64le",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.s390x",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.src",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.x86_64",
"8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.aarch64",
"8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.ppc64le",
"8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.s390x",
"8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.x86_64",
"8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.aarch64",
"8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.ppc64le",
"8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.s390x",
"8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.x86_64"
],
"known_not_affected": [
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x",
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.src",
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.src",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:openshift-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.src",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.aarch64",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.s390x",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.x86_64",
"8Base-RHOSE-IRONIC-4.11:python-sushy-0:4.1.3-0.20221107175431.1da4385.el8.src",
"8Base-RHOSE-IRONIC-4.11:python3-sushy-0:4.1.3-0.20221107175431.1da4385.el8.noarch",
"8Base-RHOSE-IRONIC-4.11:python3-sushy-tests-0:4.1.3-0.20221107175431.1da4385.el8.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-27664"
},
{
"category": "external",
"summary": "RHBZ#2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664"
},
{
"category": "external",
"summary": "https://go.dev/issue/54658",
"url": "https://go.dev/issue/54658"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-28T20:47:08+00:00",
"details": "See the following documentation, which will be updated shortly for this\nrelease, for important instructions on how to upgrade your cluster and\nfully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.aarch64",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.ppc64le",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.s390x",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.src",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.x86_64",
"8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.aarch64",
"8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.ppc64le",
"8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.s390x",
"8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.x86_64",
"8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.aarch64",
"8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.ppc64le",
"8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.s390x",
"8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8626"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x",
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.src",
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.aarch64",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.ppc64le",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.s390x",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.src",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.x86_64",
"8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.aarch64",
"8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.ppc64le",
"8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.s390x",
"8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.x86_64",
"8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.aarch64",
"8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.ppc64le",
"8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.s390x",
"8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.x86_64",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.src",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:openshift-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.src",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.aarch64",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.s390x",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.x86_64",
"8Base-RHOSE-IRONIC-4.11:python-sushy-0:4.1.3-0.20221107175431.1da4385.el8.src",
"8Base-RHOSE-IRONIC-4.11:python3-sushy-0:4.1.3-0.20221107175431.1da4385.el8.noarch",
"8Base-RHOSE-IRONIC-4.11:python3-sushy-tests-0:4.1.3-0.20221107175431.1da4385.el8.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: handle server errors after sending GOAWAY"
},
{
"cve": "CVE-2022-32148",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.aarch64",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.ppc64le",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.s390x",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.src",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.x86_64",
"8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.aarch64",
"8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.ppc64le",
"8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.s390x",
"8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.x86_64",
"8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.aarch64",
"8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.ppc64le",
"8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.s390x",
"8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.x86_64",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.src",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:openshift-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.src",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.aarch64",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.s390x",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.x86_64",
"8Base-RHOSE-IRONIC-4.11:python-sushy-0:4.1.3-0.20221107175431.1da4385.el8.src",
"8Base-RHOSE-IRONIC-4.11:python3-sushy-0:4.1.3-0.20221107175431.1da4385.el8.noarch",
"8Base-RHOSE-IRONIC-4.11:python3-sushy-tests-0:4.1.3-0.20221107175431.1da4385.el8.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107383"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x",
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.src",
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64"
],
"known_not_affected": [
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.aarch64",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.ppc64le",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.s390x",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.src",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.x86_64",
"8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.aarch64",
"8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.ppc64le",
"8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.s390x",
"8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.x86_64",
"8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.aarch64",
"8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.ppc64le",
"8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.s390x",
"8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.x86_64",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.src",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:openshift-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.src",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.aarch64",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.s390x",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.x86_64",
"8Base-RHOSE-IRONIC-4.11:python-sushy-0:4.1.3-0.20221107175431.1da4385.el8.src",
"8Base-RHOSE-IRONIC-4.11:python3-sushy-0:4.1.3-0.20221107175431.1da4385.el8.noarch",
"8Base-RHOSE-IRONIC-4.11:python3-sushy-tests-0:4.1.3-0.20221107175431.1da4385.el8.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32148"
},
{
"category": "external",
"summary": "RHBZ#2107383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148"
},
{
"category": "external",
"summary": "https://go.dev/issue/53423",
"url": "https://go.dev/issue/53423"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-28T20:47:08+00:00",
"details": "See the following documentation, which will be updated shortly for this\nrelease, for important instructions on how to upgrade your cluster and\nfully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x",
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.src",
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8626"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x",
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.src",
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.aarch64",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.ppc64le",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.s390x",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.src",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.x86_64",
"8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.aarch64",
"8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.ppc64le",
"8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.s390x",
"8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.x86_64",
"8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.aarch64",
"8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.ppc64le",
"8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.s390x",
"8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.x86_64",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.src",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:openshift-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.src",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.aarch64",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.s390x",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.x86_64",
"8Base-RHOSE-IRONIC-4.11:python-sushy-0:4.1.3-0.20221107175431.1da4385.el8.src",
"8Base-RHOSE-IRONIC-4.11:python3-sushy-0:4.1.3-0.20221107175431.1da4385.el8.noarch",
"8Base-RHOSE-IRONIC-4.11:python3-sushy-tests-0:4.1.3-0.20221107175431.1da4385.el8.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working"
},
{
"cve": "CVE-2022-32189",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-08-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSE-4.11:openshift-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.src",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.aarch64",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.s390x",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.x86_64",
"8Base-RHOSE-IRONIC-4.11:python-sushy-0:4.1.3-0.20221107175431.1da4385.el8.src",
"8Base-RHOSE-IRONIC-4.11:python3-sushy-0:4.1.3-0.20221107175431.1da4385.el8.noarch",
"8Base-RHOSE-IRONIC-4.11:python3-sushy-tests-0:4.1.3-0.20221107175431.1da4385.el8.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2113814"
}
],
"notes": [
{
"category": "description",
"text": "An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw stems from a particular and specific method (GoBDecode) which isn\u0027t commonly used. There are few components within Red Hat offerings which call this function. In rare cases where this method is called, the component limits possible damage or it is not possible to be triggered by an attacker. For these combined reasons the impact has been downgraded to Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x",
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.src",
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.aarch64",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.ppc64le",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.s390x",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.src",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.x86_64",
"8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.aarch64",
"8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.ppc64le",
"8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.s390x",
"8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.x86_64",
"8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.aarch64",
"8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.ppc64le",
"8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.s390x",
"8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.x86_64",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.src",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.x86_64"
],
"known_not_affected": [
"8Base-RHOSE-4.11:openshift-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.src",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.aarch64",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.s390x",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.x86_64",
"8Base-RHOSE-IRONIC-4.11:python-sushy-0:4.1.3-0.20221107175431.1da4385.el8.src",
"8Base-RHOSE-IRONIC-4.11:python3-sushy-0:4.1.3-0.20221107175431.1da4385.el8.noarch",
"8Base-RHOSE-IRONIC-4.11:python3-sushy-tests-0:4.1.3-0.20221107175431.1da4385.el8.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32189"
},
{
"category": "external",
"summary": "RHBZ#2113814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189"
},
{
"category": "external",
"summary": "https://go.dev/issue/53871",
"url": "https://go.dev/issue/53871"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU",
"url": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU"
}
],
"release_date": "2022-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-28T20:47:08+00:00",
"details": "See the following documentation, which will be updated shortly for this\nrelease, for important instructions on how to upgrade your cluster and\nfully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x",
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.src",
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.aarch64",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.ppc64le",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.s390x",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.src",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.x86_64",
"8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.aarch64",
"8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.ppc64le",
"8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.s390x",
"8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.x86_64",
"8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.aarch64",
"8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.ppc64le",
"8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.s390x",
"8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.x86_64",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.src",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8626"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x",
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.src",
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.aarch64",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.ppc64le",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.s390x",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.src",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.x86_64",
"8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.aarch64",
"8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.ppc64le",
"8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.s390x",
"8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.x86_64",
"8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.aarch64",
"8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.ppc64le",
"8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.s390x",
"8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.x86_64",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.src",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:openshift-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.src",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.aarch64",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.s390x",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.x86_64",
"8Base-RHOSE-IRONIC-4.11:python-sushy-0:4.1.3-0.20221107175431.1da4385.el8.src",
"8Base-RHOSE-IRONIC-4.11:python3-sushy-0:4.1.3-0.20221107175431.1da4385.el8.noarch",
"8Base-RHOSE-IRONIC-4.11:python3-sushy-tests-0:4.1.3-0.20221107175431.1da4385.el8.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x",
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.src",
"8Base-RHOSE-4.11:cri-o-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.aarch64",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.ppc64le",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.s390x",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.src",
"8Base-RHOSE-4.11:cri-tools-0:1.24.2-7.el8.x86_64",
"8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.aarch64",
"8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.ppc64le",
"8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.s390x",
"8Base-RHOSE-4.11:cri-tools-debuginfo-0:1.24.2-7.el8.x86_64",
"8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.aarch64",
"8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.ppc64le",
"8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.s390x",
"8Base-RHOSE-4.11:cri-tools-debugsource-0:1.24.2-7.el8.x86_64",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.src",
"8Base-RHOSE-4.11:ignition-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-debuginfo-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-debugsource-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-validate-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.aarch64",
"8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.ppc64le",
"8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.s390x",
"8Base-RHOSE-4.11:ignition-validate-debuginfo-0:2.14.0-5.rhaos4.11.el8.x86_64",
"8Base-RHOSE-4.11:openshift-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.src",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.aarch64",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.s390x",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202211091106.p0.g5658434.assembly.stream.el8.x86_64",
"8Base-RHOSE-IRONIC-4.11:python-sushy-0:4.1.3-0.20221107175431.1da4385.el8.src",
"8Base-RHOSE-IRONIC-4.11:python3-sushy-0:4.1.3-0.20221107175431.1da4385.el8.noarch",
"8Base-RHOSE-IRONIC-4.11:python3-sushy-tests-0:4.1.3-0.20221107175431.1da4385.el8.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service"
}
]
}
RHSA-2022:8634
Vulnerability from csaf_redhat - Published: 2022-11-28 02:51 - Updated: 2026-04-30 16:21Summary
Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.1.1 security and bug fix update
Severity
Moderate
Notes
Topic: OpenShift API for Data Protection (OADP) 1.1.1 is now available.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Details: OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes.
Security Fix(es) from Bugzilla:
* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)
* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)
* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
* golang: net/url: JoinPath does not strip relative path components in all circumstances (CVE-2022-32190)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be_ppc64le | — |
Vendor Fix
fix
|
Known not affected
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4_amd64 | — |
Threats
Impact
Moderate
A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.
6.5 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be_ppc64le | — |
Vendor Fix
fix
|
Known not affected
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4_amd64 | — |
Threats
Impact
Moderate
A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be_ppc64le | — |
Vendor Fix
fix
|
Known not affected
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4_amd64 | — |
Threats
Impact
Moderate
A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be_ppc64le | — |
Vendor Fix
fix
|
Known not affected
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4_amd64 | — |
Threats
Impact
Moderate
A flaw was found in the golang package. The JoinPath doesn't remove the ../ path components appended to a domain that is not terminated by a slash, possibly leading to a directory traversal attack.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be_ppc64le | — |
Vendor Fix
fix
|
Known not affected
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4_amd64 | — |
Threats
Impact
Moderate
References
55 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "OpenShift API for Data Protection (OADP) 1.1.1 is now available.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes.\n\nSecurity Fix(es) from Bugzilla:\n\n* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)\n\n* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/url: JoinPath does not strip relative path components in all circumstances (CVE-2022-32190)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:8634",
"url": "https://access.redhat.com/errata/RHSA-2022:8634"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2064702",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064702"
},
{
"category": "external",
"summary": "2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "external",
"summary": "2107388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
},
{
"category": "external",
"summary": "2124668",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124668"
},
{
"category": "external",
"summary": "2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "OADP-1002",
"url": "https://issues.redhat.com/browse/OADP-1002"
},
{
"category": "external",
"summary": "OADP-1016",
"url": "https://issues.redhat.com/browse/OADP-1016"
},
{
"category": "external",
"summary": "OADP-1020",
"url": "https://issues.redhat.com/browse/OADP-1020"
},
{
"category": "external",
"summary": "OADP-1027",
"url": "https://issues.redhat.com/browse/OADP-1027"
},
{
"category": "external",
"summary": "OADP-608",
"url": "https://issues.redhat.com/browse/OADP-608"
},
{
"category": "external",
"summary": "OADP-609",
"url": "https://issues.redhat.com/browse/OADP-609"
},
{
"category": "external",
"summary": "OADP-611",
"url": "https://issues.redhat.com/browse/OADP-611"
},
{
"category": "external",
"summary": "OADP-612",
"url": "https://issues.redhat.com/browse/OADP-612"
},
{
"category": "external",
"summary": "OADP-642",
"url": "https://issues.redhat.com/browse/OADP-642"
},
{
"category": "external",
"summary": "OADP-645",
"url": "https://issues.redhat.com/browse/OADP-645"
},
{
"category": "external",
"summary": "OADP-662",
"url": "https://issues.redhat.com/browse/OADP-662"
},
{
"category": "external",
"summary": "OADP-724",
"url": "https://issues.redhat.com/browse/OADP-724"
},
{
"category": "external",
"summary": "OADP-725",
"url": "https://issues.redhat.com/browse/OADP-725"
},
{
"category": "external",
"summary": "OADP-731",
"url": "https://issues.redhat.com/browse/OADP-731"
},
{
"category": "external",
"summary": "OADP-741",
"url": "https://issues.redhat.com/browse/OADP-741"
},
{
"category": "external",
"summary": "OADP-774",
"url": "https://issues.redhat.com/browse/OADP-774"
},
{
"category": "external",
"summary": "OADP-794",
"url": "https://issues.redhat.com/browse/OADP-794"
},
{
"category": "external",
"summary": "OADP-825",
"url": "https://issues.redhat.com/browse/OADP-825"
},
{
"category": "external",
"summary": "OADP-849",
"url": "https://issues.redhat.com/browse/OADP-849"
},
{
"category": "external",
"summary": "OADP-927",
"url": "https://issues.redhat.com/browse/OADP-927"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8634.json"
}
],
"title": "Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.1.1 security and bug fix update",
"tracking": {
"current_release_date": "2026-04-30T16:21:33+00:00",
"generator": {
"date": "2026-04-30T16:21:33+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHSA-2022:8634",
"initial_release_date": "2022-11-28T02:51:35+00:00",
"revision_history": [
{
"date": "2022-11-28T02:51:35+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-11-28T02:51:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-30T16:21:33+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "8Base-OADP-1.1",
"product": {
"name": "8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_api_data_protection:1.1::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift API for Data Protection"
},
{
"branches": [
{
"category": "product_version",
"name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff_ppc64le",
"product": {
"name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff_ppc64le",
"product_id": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel8\u0026tag=1.1.1-27"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e_ppc64le",
"product": {
"name": "oadp/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e_ppc64le",
"product_id": "oadp/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-mustgather-rhel8\u0026tag=1.1.1-29"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30_ppc64le",
"product": {
"name": "oadp/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30_ppc64le",
"product_id": "oadp/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-operator-bundle\u0026tag=1.1.1-41"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb_ppc64le",
"product": {
"name": "oadp/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb_ppc64le",
"product_id": "oadp/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-rhel8-operator\u0026tag=1.1.1-22"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be_ppc64le",
"product": {
"name": "oadp/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be_ppc64le",
"product_id": "oadp/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-rhel8\u0026tag=1.1.1-20"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe_ppc64le",
"product": {
"name": "oadp/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe_ppc64le",
"product_id": "oadp/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-rhel8\u0026tag=1.1.1-16"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01_ppc64le",
"product": {
"name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01_ppc64le",
"product_id": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel8\u0026tag=1.1.1-16"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188_ppc64le",
"product": {
"name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188_ppc64le",
"product_id": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-csi-rhel8\u0026tag=1.1.1-23"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586_ppc64le",
"product": {
"name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586_ppc64le",
"product_id": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel8\u0026tag=1.1.1-17"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4_ppc64le",
"product": {
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4_ppc64le",
"product_id": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel8\u0026tag=1.1.1-16"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa_ppc64le",
"product": {
"name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa_ppc64le",
"product_id": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel8\u0026tag=1.1.1-18"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856_ppc64le",
"product": {
"name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856_ppc64le",
"product_id": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-volume-snapshot-mover-rhel8\u0026tag=1.1.1-26"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523_s390x",
"product": {
"name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523_s390x",
"product_id": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel8\u0026tag=1.1.1-27"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc_s390x",
"product": {
"name": "oadp/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc_s390x",
"product_id": "oadp/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-mustgather-rhel8\u0026tag=1.1.1-29"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127_s390x",
"product": {
"name": "oadp/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127_s390x",
"product_id": "oadp/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-operator-bundle\u0026tag=1.1.1-41"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f_s390x",
"product": {
"name": "oadp/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f_s390x",
"product_id": "oadp/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-rhel8-operator\u0026tag=1.1.1-22"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09_s390x",
"product": {
"name": "oadp/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09_s390x",
"product_id": "oadp/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-rhel8\u0026tag=1.1.1-20"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef_s390x",
"product": {
"name": "oadp/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef_s390x",
"product_id": "oadp/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-rhel8\u0026tag=1.1.1-16"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9_s390x",
"product": {
"name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9_s390x",
"product_id": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel8\u0026tag=1.1.1-16"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b_s390x",
"product": {
"name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b_s390x",
"product_id": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-csi-rhel8\u0026tag=1.1.1-23"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160_s390x",
"product": {
"name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160_s390x",
"product_id": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel8\u0026tag=1.1.1-17"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa_s390x",
"product": {
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa_s390x",
"product_id": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel8\u0026tag=1.1.1-16"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0_s390x",
"product": {
"name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0_s390x",
"product_id": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel8\u0026tag=1.1.1-18"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab_s390x",
"product": {
"name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab_s390x",
"product_id": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-volume-snapshot-mover-rhel8\u0026tag=1.1.1-26"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400_amd64",
"product": {
"name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400_amd64",
"product_id": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel8\u0026tag=1.1.1-27"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276_amd64",
"product": {
"name": "oadp/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276_amd64",
"product_id": "oadp/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-mustgather-rhel8\u0026tag=1.1.1-29"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3_amd64",
"product": {
"name": "oadp/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3_amd64",
"product_id": "oadp/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-operator-bundle\u0026tag=1.1.1-41"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356_amd64",
"product": {
"name": "oadp/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356_amd64",
"product_id": "oadp/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-rhel8-operator\u0026tag=1.1.1-22"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553_amd64",
"product": {
"name": "oadp/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553_amd64",
"product_id": "oadp/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-rhel8\u0026tag=1.1.1-20"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0_amd64",
"product": {
"name": "oadp/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0_amd64",
"product_id": "oadp/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-rhel8\u0026tag=1.1.1-16"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51_amd64",
"product": {
"name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51_amd64",
"product_id": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel8\u0026tag=1.1.1-16"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99_amd64",
"product": {
"name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99_amd64",
"product_id": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-csi-rhel8\u0026tag=1.1.1-23"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c_amd64",
"product": {
"name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c_amd64",
"product_id": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel8\u0026tag=1.1.1-17"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700_amd64",
"product": {
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700_amd64",
"product_id": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel8\u0026tag=1.1.1-16"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8_amd64",
"product": {
"name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8_amd64",
"product_id": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel8\u0026tag=1.1.1-18"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4_amd64",
"product": {
"name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4_amd64",
"product_id": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-volume-snapshot-mover-rhel8\u0026tag=1.1.1-26"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff_ppc64le as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff_ppc64le"
},
"product_reference": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff_ppc64le",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523_s390x as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523_s390x"
},
"product_reference": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523_s390x",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400_amd64 as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400_amd64"
},
"product_reference": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400_amd64",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e_ppc64le as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e_ppc64le"
},
"product_reference": "oadp/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e_ppc64le",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276_amd64 as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276_amd64"
},
"product_reference": "oadp/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276_amd64",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc_s390x as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc_s390x"
},
"product_reference": "oadp/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc_s390x",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127_s390x as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127_s390x"
},
"product_reference": "oadp/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127_s390x",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30_ppc64le as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30_ppc64le"
},
"product_reference": "oadp/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30_ppc64le",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3_amd64 as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3_amd64"
},
"product_reference": "oadp/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3_amd64",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb_ppc64le as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb_ppc64le"
},
"product_reference": "oadp/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb_ppc64le",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356_amd64 as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356_amd64"
},
"product_reference": "oadp/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356_amd64",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f_s390x as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f_s390x"
},
"product_reference": "oadp/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f_s390x",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9_s390x as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9_s390x"
},
"product_reference": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9_s390x",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51_amd64 as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51_amd64"
},
"product_reference": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51_amd64",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01_ppc64le as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01_ppc64le"
},
"product_reference": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01_ppc64le",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b_s390x as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b_s390x"
},
"product_reference": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b_s390x",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188_ppc64le as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188_ppc64le"
},
"product_reference": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188_ppc64le",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99_amd64 as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99_amd64"
},
"product_reference": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99_amd64",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586_ppc64le as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586_ppc64le"
},
"product_reference": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586_ppc64le",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c_amd64 as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c_amd64"
},
"product_reference": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c_amd64",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160_s390x as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160_s390x"
},
"product_reference": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160_s390x",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700_amd64 as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700_amd64"
},
"product_reference": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700_amd64",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4_ppc64le as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4_ppc64le"
},
"product_reference": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4_ppc64le",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa_s390x as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa_s390x"
},
"product_reference": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa_s390x",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe_ppc64le as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe_ppc64le"
},
"product_reference": "oadp/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe_ppc64le",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0_amd64 as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0_amd64"
},
"product_reference": "oadp/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0_amd64",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef_s390x as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef_s390x"
},
"product_reference": "oadp/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef_s390x",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8_amd64 as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8_amd64"
},
"product_reference": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8_amd64",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa_ppc64le as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa_ppc64le"
},
"product_reference": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa_ppc64le",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0_s390x as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0_s390x"
},
"product_reference": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0_s390x",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553_amd64 as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553_amd64"
},
"product_reference": "oadp/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553_amd64",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09_s390x as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09_s390x"
},
"product_reference": "oadp/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09_s390x",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be_ppc64le as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be_ppc64le"
},
"product_reference": "oadp/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be_ppc64le",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856_ppc64le as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856_ppc64le"
},
"product_reference": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856_ppc64le",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab_s390x as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab_s390x"
},
"product_reference": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab_s390x",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4_amd64 as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4_amd64"
},
"product_reference": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4_amd64",
"relates_to_product_reference": "8Base-OADP-1.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-27191",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"discovery_date": "2022-03-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523_s390x",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e_ppc64le",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856_ppc64le",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064702"
}
],
"notes": [
{
"category": "description",
"text": "A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crash in a golang.org/x/crypto/ssh server",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP) the vulnerable golang.org/x/crypto/ssh package is bundled in many components. The affected code is in the SSH server portion that is not used, hence the impact by this vulnerability is reduced. Additionally the OCP installer components, that also bundle vulnerable golang.org/x/crypto/ssh package, are used only during the cluster installation process, hence for already deployed and running OCP clusters the installer components are considered as affected by this vulnerability but not impacted.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be_ppc64le"
],
"known_not_affected": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523_s390x",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e_ppc64le",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856_ppc64le",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-27191"
},
{
"category": "external",
"summary": "RHBZ#2064702",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064702"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-27191",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27191"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27191",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27191"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ",
"url": "https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ"
}
],
"release_date": "2022-03-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-28T02:51:35+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8634"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523_s390x",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e_ppc64le",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be_ppc64le",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856_ppc64le",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crash in a golang.org/x/crypto/ssh server"
},
{
"cve": "CVE-2022-27664",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523_s390x",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e_ppc64le",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856_ppc64le",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124669"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: handle server errors after sending GOAWAY",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be_ppc64le"
],
"known_not_affected": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523_s390x",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e_ppc64le",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856_ppc64le",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-27664"
},
{
"category": "external",
"summary": "RHBZ#2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664"
},
{
"category": "external",
"summary": "https://go.dev/issue/54658",
"url": "https://go.dev/issue/54658"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-28T02:51:35+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8634"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523_s390x",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e_ppc64le",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be_ppc64le",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856_ppc64le",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: handle server errors after sending GOAWAY"
},
{
"cve": "CVE-2022-30632",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523_s390x",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e_ppc64le",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856_ppc64le",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107386"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: path/filepath: stack exhaustion in Glob",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The exploitation of this flaw will only result in a denial of service of the application via the application crashing which is why this has been rated as moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be_ppc64le"
],
"known_not_affected": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523_s390x",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e_ppc64le",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856_ppc64le",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30632"
},
{
"category": "external",
"summary": "RHBZ#2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632"
},
{
"category": "external",
"summary": "https://go.dev/issue/53416",
"url": "https://go.dev/issue/53416"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-28T02:51:35+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8634"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523_s390x",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e_ppc64le",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be_ppc64le",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856_ppc64le",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: path/filepath: stack exhaustion in Glob"
},
{
"cve": "CVE-2022-30635",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523_s390x",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e_ppc64le",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856_ppc64le",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107388"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/gob: stack exhaustion in Decoder.Decode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP) starting from 4.10 stream is already compiled in the patched version of Go, hence is not affected by this vulnerability.The vulnerability has been rated as moderate instead of high because the vulnerability can only result in a minor denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be_ppc64le"
],
"known_not_affected": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523_s390x",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e_ppc64le",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856_ppc64le",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30635"
},
{
"category": "external",
"summary": "RHBZ#2107388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635"
},
{
"category": "external",
"summary": "https://go.dev/issue/53615",
"url": "https://go.dev/issue/53615"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-28T02:51:35+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8634"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523_s390x",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e_ppc64le",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be_ppc64le",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856_ppc64le",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/gob: stack exhaustion in Decoder.Decode"
},
{
"cve": "CVE-2022-32190",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523_s390x",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e_ppc64le",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856_ppc64le",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124668"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package. The JoinPath doesn\u0027t remove the ../ path components appended to a domain that is not terminated by a slash, possibly leading to a directory traversal attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: JoinPath does not strip relative path components in all circumstances",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerable functions, JoinPath and URL.JoinPath was introduced in upstream go1.19, whereas, RHEL ships go1.17 and go1.18 versions, which does not contain the vulnerable code. Hence, packages shipped with RHEL-8, RHEL-9 are not affected.\n\nAll Y stream releases of OpenShift Container Platform 4 run on RHEL-8 or RHEL-9, so OCP 4 is also not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be_ppc64le"
],
"known_not_affected": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523_s390x",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e_ppc64le",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856_ppc64le",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32190"
},
{
"category": "external",
"summary": "RHBZ#2124668",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124668"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32190",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32190"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32190",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32190"
},
{
"category": "external",
"summary": "https://go.dev/issue/54385",
"url": "https://go.dev/issue/54385"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-28T02:51:35+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8634"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523_s390x",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e_ppc64le",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be_ppc64le",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856_ppc64le",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/url: JoinPath does not strip relative path components in all circumstances"
}
]
}
RHSA-2022:8781
Vulnerability from csaf_redhat - Published: 2022-12-08 07:37 - Updated: 2026-05-27 08:35Summary
Red Hat Security Advisory: Logging Subsystem 5.5.5 - Red Hat OpenShift security update
Severity
Moderate
Notes
Topic: Logging Subsystem 5.5.5 - Red Hat OpenShift
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Logging Subsystem 5.5.5 - Red Hat OpenShift
Security Fixe(s):
* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)
* golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879, CVE-2022-2880, CVE-2022-41715)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* loader-utils: Regular expression denial of service (CVE-2022-37603)
* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x | — |
Vendor Fix
fix
|
Known not affected
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le | — |
Threats
Impact
Moderate
A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic.
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le | — |
Vendor Fix
fix
|
Known not affected
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le | — |
Threats
Impact
Moderate
A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request's form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le | — |
Vendor Fix
fix
|
Known not affected
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le | — |
Threats
Impact
Moderate
A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le | — |
Vendor Fix
fix
|
Known not affected
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le | — |
Threats
Impact
Moderate
An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le | — |
Workaround
|
Threats
Impact
Low
A flaw was found in loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service (ReDoS), affecting the availability of the affected component.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le | — |
Vendor Fix
fix
|
Known not affected
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le | — |
Threats
Impact
Moderate
A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le | — |
Vendor Fix
fix
|
Known not affected
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le | — |
Threats
Impact
Moderate
A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.
7.5 (High)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x | — |
Vendor Fix
fix
|
Known not affected
50 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le | — |
Threats
Impact
Moderate
A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.
7.5 (High)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x | — |
Vendor Fix
fix
|
Known not affected
50 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le | — |
Threats
Impact
Moderate
References
68 references
Acknowledgments
ADA Logics
Adam Korczynski
OSS-Fuzz
Head of Research, Oxeye
Daniel Abeles
Security Researcher, Oxeye
Gal Goldstein
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Logging Subsystem 5.5.5 - Red Hat OpenShift\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Logging Subsystem 5.5.5 - Red Hat OpenShift\n\nSecurity Fixe(s):\n\n* jackson-databind: denial of service via a large depth of nested objects\u00a0(CVE-2020-36518)\n\n* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n\n* golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879, CVE-2022-2880, CVE-2022-41715)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* loader-utils: Regular expression denial of service (CVE-2022-37603)\n\n* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:8781",
"url": "https://access.redhat.com/errata/RHSA-2022:8781"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2064698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698"
},
{
"category": "external",
"summary": "2113814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814"
},
{
"category": "external",
"summary": "2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "2132867",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132867"
},
{
"category": "external",
"summary": "2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "2140597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597"
},
{
"category": "external",
"summary": "LOG-2860",
"url": "https://issues.redhat.com/browse/LOG-2860"
},
{
"category": "external",
"summary": "LOG-3131",
"url": "https://issues.redhat.com/browse/LOG-3131"
},
{
"category": "external",
"summary": "LOG-3222",
"url": "https://issues.redhat.com/browse/LOG-3222"
},
{
"category": "external",
"summary": "LOG-3226",
"url": "https://issues.redhat.com/browse/LOG-3226"
},
{
"category": "external",
"summary": "LOG-3284",
"url": "https://issues.redhat.com/browse/LOG-3284"
},
{
"category": "external",
"summary": "LOG-3287",
"url": "https://issues.redhat.com/browse/LOG-3287"
},
{
"category": "external",
"summary": "LOG-3301",
"url": "https://issues.redhat.com/browse/LOG-3301"
},
{
"category": "external",
"summary": "LOG-3305",
"url": "https://issues.redhat.com/browse/LOG-3305"
},
{
"category": "external",
"summary": "LOG-3310",
"url": "https://issues.redhat.com/browse/LOG-3310"
},
{
"category": "external",
"summary": "LOG-3332",
"url": "https://issues.redhat.com/browse/LOG-3332"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8781.json"
}
],
"title": "Red Hat Security Advisory: Logging Subsystem 5.5.5 - Red Hat OpenShift security update",
"tracking": {
"current_release_date": "2026-05-27T08:35:20+00:00",
"generator": {
"date": "2026-05-27T08:35:20+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2022:8781",
"initial_release_date": "2022-12-08T07:37:32+00:00",
"revision_history": [
{
"date": "2022-12-08T07:37:32+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-12-08T07:37:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-27T08:35:20+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHOL 5.5 for RHEL 8",
"product": {
"name": "RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:logging:5.5::el8"
}
}
}
],
"category": "product_family",
"name": "logging for Red Hat OpenShift"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"product": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.5.5-3"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"product": {
"name": "openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"product_id": "openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-operator-bundle\u0026tag=v5.5.5-8"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"product": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.5.5-2"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"product": {
"name": "openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"product_id": "openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-operator-bundle\u0026tag=v5.5.5-14"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"product": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-311"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-78"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"product": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"product_id": "openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-247"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"product": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"product_id": "openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-273"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"product": {
"name": "openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"product_id": "openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-59"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"product": {
"name": "openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"product_id": "openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.6-67"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"product": {
"name": "openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"product_id": "openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-310"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"product": {
"name": "openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"product_id": "openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.6.1-23"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"product": {
"name": "openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"product_id": "openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.21.0-39"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"product": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"product_id": "openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel8\u0026tag=v5.5.5-2"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"product": {
"name": "openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"product_id": "openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/loki-operator-bundle\u0026tag=v5.5.5-19"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"product": {
"name": "openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"product_id": "openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.5.5-4"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"product": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v0.1.0-64"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"product": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"product_id": "openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v0.1.0-30"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"product": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.5.5-3"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"product": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.5.5-2"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"product": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-311"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-78"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"product": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"product_id": "openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-247"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"product": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"product_id": "openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-273"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"product": {
"name": "openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"product_id": "openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-59"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"product": {
"name": "openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"product_id": "openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.6-67"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"product": {
"name": "openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"product_id": "openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-310"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"product": {
"name": "openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"product_id": "openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.6.1-23"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"product": {
"name": "openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"product_id": "openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.21.0-39"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"product": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"product_id": "openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel8\u0026tag=v5.5.5-2"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"product": {
"name": "openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"product_id": "openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.5.5-4"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"product": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v0.1.0-64"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"product": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"product_id": "openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v0.1.0-30"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"product": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.5.5-3"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"product": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.5.5-2"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"product": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-311"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-78"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"product": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"product_id": "openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-247"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"product": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"product_id": "openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-273"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"product": {
"name": "openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"product_id": "openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-59"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"product": {
"name": "openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"product_id": "openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.6-67"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"product": {
"name": "openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"product_id": "openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-310"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le",
"product": {
"name": "openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le",
"product_id": "openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.6.1-23"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le",
"product": {
"name": "openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le",
"product_id": "openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.21.0-39"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"product": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"product_id": "openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel8\u0026tag=v5.5.5-2"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"product": {
"name": "openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"product_id": "openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.5.5-4"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"product": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v0.1.0-64"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"product": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"product_id": "openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v0.1.0-30"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"product": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.5.5-3"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"product": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.5.5-2"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"product": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-311"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-78"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"product": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"product_id": "openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"product_identification_helper": {
"purl": "pkg:oci/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-247"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x",
"product": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x",
"product_id": "openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-273"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"product": {
"name": "openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"product_id": "openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-59"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"product": {
"name": "openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"product_id": "openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.6-67"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"product": {
"name": "openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"product_id": "openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-310"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"product": {
"name": "openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"product_id": "openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.6.1-23"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"product": {
"name": "openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"product_id": "openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.21.0-39"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"product": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"product_id": "openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel8\u0026tag=v5.5.5-2"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"product": {
"name": "openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"product_id": "openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.5.5-4"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"product": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v0.1.0-64"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"product": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"product_id": "openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v0.1.0-30"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64"
},
"product_reference": "openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64"
},
"product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le"
},
"product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x"
},
"product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64"
},
"product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64"
},
"product_reference": "openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le"
},
"product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64"
},
"product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x"
},
"product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64"
},
"product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64"
},
"product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64"
},
"product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le"
},
"product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x"
},
"product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64"
},
"product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le"
},
"product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64"
},
"product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x"
},
"product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x"
},
"product_reference": "openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64"
},
"product_reference": "openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le"
},
"product_reference": "openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64"
},
"product_reference": "openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64"
},
"product_reference": "openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x"
},
"product_reference": "openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le"
},
"product_reference": "openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64"
},
"product_reference": "openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x"
},
"product_reference": "openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le"
},
"product_reference": "openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64"
},
"product_reference": "openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64"
},
"product_reference": "openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64"
},
"product_reference": "openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x"
},
"product_reference": "openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64"
},
"product_reference": "openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le"
},
"product_reference": "openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64"
},
"product_reference": "openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x"
},
"product_reference": "openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64"
},
"product_reference": "openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le"
},
"product_reference": "openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64"
},
"product_reference": "openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64"
},
"product_reference": "openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x"
},
"product_reference": "openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le"
},
"product_reference": "openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64"
},
"product_reference": "openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x"
},
"product_reference": "openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64"
},
"product_reference": "openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64"
},
"product_reference": "openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le"
},
"product_reference": "openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64"
},
"product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x"
},
"product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le"
},
"product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64"
},
"product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64"
},
"product_reference": "openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64"
},
"product_reference": "openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le"
},
"product_reference": "openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x"
},
"product_reference": "openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64"
},
"product_reference": "openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64"
},
"product_reference": "openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x"
},
"product_reference": "openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
},
"product_reference": "openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-36518",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-03-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064698"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: denial of service via a large depth of nested objects",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x"
],
"known_not_affected": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-36518"
},
{
"category": "external",
"summary": "RHBZ#2064698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2",
"url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2"
}
],
"release_date": "2020-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-08T07:37:32+00:00",
"details": "For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nFor Red Hat OpenShift Logging 5.5, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html",
"product_ids": [
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8781"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: denial of service via a large depth of nested objects"
},
{
"acknowledgments": [
{
"names": [
"Adam Korczynski"
],
"organization": "ADA Logics"
},
{
"names": [
"OSS-Fuzz"
]
}
],
"cve": "CVE-2022-2879",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132867"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.\n\n\nThis flaw additionally affects the github.com/vbatts/tar-split library and was fixed in v0.12.1.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le"
],
"known_not_affected": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2879"
},
{
"category": "external",
"summary": "RHBZ#2132867",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132867"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2879",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2879"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/54853",
"url": "https://github.com/golang/go/issues/54853"
},
{
"category": "external",
"summary": "https://github.com/vbatts/tar-split/releases/tag/v0.12.1",
"url": "https://github.com/vbatts/tar-split/releases/tag/v0.12.1"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-08T07:37:32+00:00",
"details": "For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nFor Red Hat OpenShift Logging 5.5, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html",
"product_ids": [
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8781"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers"
},
{
"acknowledgments": [
{
"names": [
"Daniel Abeles"
],
"organization": "Head of Research, Oxeye"
},
{
"names": [
"Gal Goldstein"
],
"organization": "Security Researcher, Oxeye"
}
],
"cve": "CVE-2022-2880",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132868"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request\u0027s form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity to exploit this vulnerability is limited to the Golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le"
],
"known_not_affected": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2880"
},
{
"category": "external",
"summary": "RHBZ#2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/54663",
"url": "https://github.com/golang/go/issues/54663"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-08T07:37:32+00:00",
"details": "For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nFor Red Hat OpenShift Logging 5.5, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html",
"product_ids": [
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8781"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters"
},
{
"cve": "CVE-2022-27664",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124669"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: handle server errors after sending GOAWAY",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le"
],
"known_not_affected": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-27664"
},
{
"category": "external",
"summary": "RHBZ#2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664"
},
{
"category": "external",
"summary": "https://go.dev/issue/54658",
"url": "https://go.dev/issue/54658"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-08T07:37:32+00:00",
"details": "For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nFor Red Hat OpenShift Logging 5.5, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html",
"product_ids": [
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8781"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: handle server errors after sending GOAWAY"
},
{
"cve": "CVE-2022-32189",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-08-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2113814"
}
],
"notes": [
{
"category": "description",
"text": "An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw stems from a particular and specific method (GoBDecode) which isn\u0027t commonly used. There are few components within Red Hat offerings which call this function. In rare cases where this method is called, the component limits possible damage or it is not possible to be triggered by an attacker. For these combined reasons the impact has been downgraded to Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le"
],
"known_not_affected": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32189"
},
{
"category": "external",
"summary": "RHBZ#2113814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189"
},
{
"category": "external",
"summary": "https://go.dev/issue/53871",
"url": "https://go.dev/issue/53871"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU",
"url": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU"
}
],
"release_date": "2022-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-08T07:37:32+00:00",
"details": "For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nFor Red Hat OpenShift Logging 5.5, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html",
"product_ids": [
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8781"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service"
},
{
"cve": "CVE-2022-37603",
"cwe": {
"id": "CWE-185",
"name": "Incorrect Regular Expression"
},
"discovery_date": "2022-11-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2140597"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service (ReDoS), affecting the availability of the affected component.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "loader-utils: Regular expression denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le"
],
"known_not_affected": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-37603"
},
{
"category": "external",
"summary": "RHBZ#2140597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-37603",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37603"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603"
}
],
"release_date": "2022-10-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-08T07:37:32+00:00",
"details": "For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nFor Red Hat OpenShift Logging 5.5, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html",
"product_ids": [
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8781"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "loader-utils: Regular expression denial of service"
},
{
"acknowledgments": [
{
"names": [
"Adam Korczynski"
],
"organization": "ADA Logics"
},
{
"names": [
"OSS-Fuzz"
]
}
],
"cve": "CVE-2022-41715",
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132872"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: regexp/syntax: limit memory used by parsing regexps",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le"
],
"known_not_affected": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41715"
},
{
"category": "external",
"summary": "RHBZ#2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/55949",
"url": "https://github.com/golang/go/issues/55949"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-08T07:37:32+00:00",
"details": "For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nFor Red Hat OpenShift Logging 5.5, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html",
"product_ids": [
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8781"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: regexp/syntax: limit memory used by parsing regexps"
},
{
"cve": "CVE-2022-42003",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135244"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x"
],
"known_not_affected": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42003"
},
{
"category": "external",
"summary": "RHBZ#2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-08T07:37:32+00:00",
"details": "For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nFor Red Hat OpenShift Logging 5.5, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html",
"product_ids": [
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8781"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS"
},
{
"cve": "CVE-2022-42004",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135247"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: use of deeply nested arrays",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x"
],
"known_not_affected": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42004"
},
{
"category": "external",
"summary": "RHBZ#2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-08T07:37:32+00:00",
"details": "For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nFor Red Hat OpenShift Logging 5.5, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html",
"product_ids": [
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8781"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:4e6ada19c48d471db0513a1b5acba91ebecca42ce5127778b96a72d62af85289_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:2ae6adcdc2e2a59937393d1dd5ed572d5e8952d9272090e640e86b6386e6f42d_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa3c169ba1dcf58b785c7962917980e8320f28821e1ae6887f69f8e2c44ff77_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:9bf3af645e3127501675b0403846d4d027c1a8158b764da91835c9d5d6e69c0e_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:f47b434af92096809a41f272b64f823cf8f18dca6f5f3dd19eb893803a333704_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:b0cd76c8a40808f7bd958f3eb4419d8b83bf7fc7268928df206d112201b8f02b_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:2ea3f735c85dbc5ff61b06b7ce153624b479d8e6e5db02e39313d077f30ba1a8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:607c9da7d689b47d2dd03450e76c4ba4ebfad0b40918aafdc292f3d88324478c_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a675a1e5e41af683b4840bac10ddc25802120c9357deb63996b478883b522f36_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fbd0c9e9f950fe7a86fbca643fb2b445dad6e6af3f6acc703c183ff23ad1f7bd_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:042fc4e4bfeba54937c3b18412bb0b63ae869d08d941ee489afee686e5cc5cab_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:33468166442c5b2d1efe2ba95e45fd7c7be70a61ce47f600071dd2c94e0a5494_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:acd5f97a99f44fbb171a49b39f18d5f3576256d1b499c2a45db97a3c7363fd22_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:efe8ac457c88dda976d3ff646fc9a22775aad65850b0461de23f59b4228c67fb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:29386946cc140f739c2d0090636f23fdcc52842291e9d7afc6dabb22f96e18fa_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:6533a980b85e6770fe1eaa0c01b066cd71e717f6b1693b0c6224d263302b8684_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:90eea1b6df3cd5eeaa5e7129ad301108be22595ef89d93c1360ba959ff887b61_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:9a54c0ec2584201ac2b60e28a825f39d3e34ff0dff5a25dceec4c77181a11585_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:80e93cc593d29699e687c42e6ad7478b1edd9612394ac68717518896fbf3d59f_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:964653fa2debfd9d3182cfdc9d1c8e4e0af6b43ef17bce30461d6ad5550fabb8_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:bdcf68cb4d7dbccfe2c7914f59b5dda2782c4f86d599be05b9b56d1be1a44c1c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:ef7118853a0497269ee4886fc440f351d0874dd45e1736ef057a9e9c5c47b197_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:14d23de43f812da032cf4546429940537d3133e71655de62f062469b08953132_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:20d9d6c99a80454aaf3e57474057b23280c60a2cceeaf9797b62c771b2071f29_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:850e19b4493a3c825cbe1237b5bb127ea6b9d3e9bdaa50aef85f89ddab7406b3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:dfd9d7724b966a5e985713432adb4637d385a271b35d0ef00c5551a73ec6da9a_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:d1d24e642ce99d02107657c75150182231ef199f23b8c2e378d430409932a4b0_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:e0277f43b4f98df76de29e2c2e2777dcc4916fcad1623e16fe88efc9aa12359b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:f07eb3c5d5c022172251329bfe5c528c1400410117e4a5cfdc890a36bf1c0ef2_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:fb60d4c2c8beef219be6a1195664c637a86f091800b84f9ccbec93c95057bc75_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:4a9ed7277584f988ae878fe879e7634dbb72ffb181b750fefb88e9a361c3f901_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:90697005dca6ac797503de554e015023a992a9aaf9e3ac6832f69b17acb2ca26_ppc64le",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:a4fc6b62854a412a6882034aa52c1cb75c625d1a1fefbcac74f4ca1b832101b8_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d6b56fc7564941f340bb900c3e5b50452f8e9b73f335108ffef09954ea903ccb_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:2365daf06c70004a9f015e299e0da11e147ee1ee2874eff430335f820516a353_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:3837431f66e694bd4a8e2486a3f63eb3e3ec23b3a0af2197ec96ada8c1ab3785_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:4f7a36f783fd24c830578b0ac585b90190fb8009406b0f2ee2592278c4e48f9e_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:e6ba426e9607f1a78609fecaaff4cf1885df98b58042bab3677f5a3dc9eee435_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:80c210d802fb546813760c9a01eb49c038e172119751418afe3857cf85333252_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:98afc8e09fd230d8bb90cedd66cb6ac0f6f0c60195cb2f02910bb1ce564e477b_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:cea38f36c7b1620c9b76a02b884f0f5b18f3c0730217d658d69de9047e7cb655_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:f14f41b5822159739ea39d07619ab29c995c9cff0683653f683c7dace9efd4b8_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:23f3764606b50ada85bd3391fc7562fd912b5a91076c9ea1545f50350f576e8e_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:36750efa1396ca19d78661c6b6ac3248fd460f3c7eaedd2d4baef3f5eac4e33b_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4970430e048958246de1a798fead9f1ab31d1a6ba051be4a9223c769671986d1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:a155d48ba258d3950641c2066097dad7d9d8561ab23ea6f606e32fa9672e0780_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:18e86b71d8f7b537a6095ca5b55f8a12e7b5eda284f481c552e0b39f6497fd3f_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:1d11959ab71a0c2c968ae4f0d1824b8279c61e8732ac852be00d3701b3265dd0_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:bddf04e3d090c41952304c40f9609c7fb32d1dcb53d39fb81bd010ae7de1d936_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:cd352e6c27ee021998392a8b9d06bda164f9ed55484534d4265e4acd1c9cf413_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:e8e8af399d2ab4bcd23bbb4886f529e9fb1f7389f0177257cf601320cae1d013_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:798f10ecfee7f066a4887f79f2972a281cab84ad1d9f2240889ed3ef4d954c5d_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:8572d4ba4377416b9331e108dec05dfd55b68349f6d074c3240b81b2acceaa1d_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:e9ba9b3f1b0db82ab5ed5541e18a77b26d5a6627d05935cd75a2ad3d019ed3d9_ppc64le",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:ea6b0a109e7e257006dfd4405f919178a209ab11abda06b8989d06ecbba8d844_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:4368adadd55f9181491a0b9165ec87e5e85cd9a020a99576649a3a6fe4f8fb4d_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:6fac980e1119f932e7e4354d305f4a0d63956064e4e0d8502a3a15e431aa2859_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:738aae81461854fd080f80fa6b7913825eb5227fcfce2c5f6aeeac901fb0d16b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:b348a21736da16113a93206c8076ad34b973cae63997a5498b0d72229dd1049b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:152521851fd656f6b30eb01b679ce5ca60de243e7a3fc981506bb78dd9da9fdc_arm64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:2f029a58d4f84cb243631ebd994635f7768a79ba8bd22037b7a535a492adbd0b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b6e8056713657a281df193b7d9875d547813610e559c5c3cf81caf8ed17e9a7b_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:b76e6cba010f4f41a98a4c47f410043acb85da706e662ef78e45a38110f91874_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: use of deeply nested arrays"
}
]
}
RHSA-2023:0264
Vulnerability from csaf_redhat - Published: 2023-01-19 11:03 - Updated: 2026-05-27 08:35Summary
Red Hat Security Advisory: Red Hat OpenShift (Logging Subsystem) security update
Severity
Moderate
Notes
Topic: An update for Logging Subsystem (5.6.0) is now available for Red Hat OpenShift Container Platform.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Details: Logging Subsystem 5.6.0 - Red Hat OpenShift
* logging-view-plugin-container: loader-utils: prototype pollution in function parseQuery in parseQuery.js (CVE-2022-37601)
* logging-elasticsearch6-container: jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
* logging-loki-container: various flaws (CVE-2022-2879 CVE-2022-2880 CVE-2022-41715)
* logging-loki-container: golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)
* golang: net/url: JoinPath does not strip relative path components in all circumstances (CVE-2022-32190)
* org.elasticsearch-elasticsearch: jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* org.elasticsearch-elasticsearch: jackson-databind: use of deeply nested arrays (CVE-2022-42004)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64 | — |
Vendor Fix
fix
|
Known not affected
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le | — |
Threats
Impact
Moderate
A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic.
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x | — |
Vendor Fix
fix
|
Known not affected
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le | — |
Threats
Impact
Moderate
A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request's form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x | — |
Vendor Fix
fix
|
Known not affected
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le | — |
Threats
Impact
Moderate
A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x | — |
Vendor Fix
fix
|
Known not affected
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le | — |
Threats
Impact
Moderate
A flaw was found in the golang package. The JoinPath doesn't remove the ../ path components appended to a domain that is not terminated by a slash, possibly leading to a directory traversal attack.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x | — |
Vendor Fix
fix
|
Known not affected
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le | — |
Threats
Impact
Moderate
A prototype pollution vulnerability was found in the parseQuery function in parseQuery.js in the webpack loader-utils via the name variable in parseQuery.js. This flaw can lead to a denial of service or remote code execution.
8.1 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64 | — |
Vendor Fix
fix
|
Known not affected
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le | — |
Threats
Impact
Moderate
A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x | — |
Vendor Fix
fix
|
Known not affected
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le | — |
Threats
Impact
Moderate
A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64 | — |
Vendor Fix
fix
|
Known not affected
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le | — |
Threats
Impact
Moderate
A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64 | — |
Vendor Fix
fix
|
Known not affected
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le | — |
Threats
Impact
Moderate
References
86 references
Acknowledgments
ADA Logics
Adam Korczynski
OSS-Fuzz
Head of Research, Oxeye
Daniel Abeles
Security Researcher, Oxeye
Gal Goldstein
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Logging Subsystem (5.6.0) is now available for Red Hat OpenShift Container Platform.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Logging Subsystem 5.6.0 - Red Hat OpenShift\n\n* logging-view-plugin-container: loader-utils: prototype pollution in function parseQuery in parseQuery.js (CVE-2022-37601)\n* logging-elasticsearch6-container: jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n* logging-loki-container: various flaws (CVE-2022-2879 CVE-2022-2880 CVE-2022-41715)\n* logging-loki-container: golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n* golang: net/url: JoinPath does not strip relative path components in all circumstances (CVE-2022-32190)\n* org.elasticsearch-elasticsearch: jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n* org.elasticsearch-elasticsearch: jackson-databind: use of deeply nested arrays (CVE-2022-42004)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:0264",
"url": "https://access.redhat.com/errata/RHSA-2023:0264"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2064698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698"
},
{
"category": "external",
"summary": "2124668",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124668"
},
{
"category": "external",
"summary": "2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "2132867",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132867"
},
{
"category": "external",
"summary": "2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "2134876",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134876"
},
{
"category": "external",
"summary": "2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "LOG-2217",
"url": "https://issues.redhat.com/browse/LOG-2217"
},
{
"category": "external",
"summary": "LOG-2620",
"url": "https://issues.redhat.com/browse/LOG-2620"
},
{
"category": "external",
"summary": "LOG-2819",
"url": "https://issues.redhat.com/browse/LOG-2819"
},
{
"category": "external",
"summary": "LOG-2822",
"url": "https://issues.redhat.com/browse/LOG-2822"
},
{
"category": "external",
"summary": "LOG-2843",
"url": "https://issues.redhat.com/browse/LOG-2843"
},
{
"category": "external",
"summary": "LOG-2919",
"url": "https://issues.redhat.com/browse/LOG-2919"
},
{
"category": "external",
"summary": "LOG-2962",
"url": "https://issues.redhat.com/browse/LOG-2962"
},
{
"category": "external",
"summary": "LOG-2993",
"url": "https://issues.redhat.com/browse/LOG-2993"
},
{
"category": "external",
"summary": "LOG-3072",
"url": "https://issues.redhat.com/browse/LOG-3072"
},
{
"category": "external",
"summary": "LOG-3090",
"url": "https://issues.redhat.com/browse/LOG-3090"
},
{
"category": "external",
"summary": "LOG-3157",
"url": "https://issues.redhat.com/browse/LOG-3157"
},
{
"category": "external",
"summary": "LOG-3161",
"url": "https://issues.redhat.com/browse/LOG-3161"
},
{
"category": "external",
"summary": "LOG-3168",
"url": "https://issues.redhat.com/browse/LOG-3168"
},
{
"category": "external",
"summary": "LOG-3169",
"url": "https://issues.redhat.com/browse/LOG-3169"
},
{
"category": "external",
"summary": "LOG-3180",
"url": "https://issues.redhat.com/browse/LOG-3180"
},
{
"category": "external",
"summary": "LOG-3186",
"url": "https://issues.redhat.com/browse/LOG-3186"
},
{
"category": "external",
"summary": "LOG-3194",
"url": "https://issues.redhat.com/browse/LOG-3194"
},
{
"category": "external",
"summary": "LOG-3195",
"url": "https://issues.redhat.com/browse/LOG-3195"
},
{
"category": "external",
"summary": "LOG-3208",
"url": "https://issues.redhat.com/browse/LOG-3208"
},
{
"category": "external",
"summary": "LOG-3224",
"url": "https://issues.redhat.com/browse/LOG-3224"
},
{
"category": "external",
"summary": "LOG-3235",
"url": "https://issues.redhat.com/browse/LOG-3235"
},
{
"category": "external",
"summary": "LOG-3286",
"url": "https://issues.redhat.com/browse/LOG-3286"
},
{
"category": "external",
"summary": "LOG-3292",
"url": "https://issues.redhat.com/browse/LOG-3292"
},
{
"category": "external",
"summary": "LOG-3296",
"url": "https://issues.redhat.com/browse/LOG-3296"
},
{
"category": "external",
"summary": "LOG-3309",
"url": "https://issues.redhat.com/browse/LOG-3309"
},
{
"category": "external",
"summary": "LOG-3324",
"url": "https://issues.redhat.com/browse/LOG-3324"
},
{
"category": "external",
"summary": "LOG-3331",
"url": "https://issues.redhat.com/browse/LOG-3331"
},
{
"category": "external",
"summary": "LOG-3446",
"url": "https://issues.redhat.com/browse/LOG-3446"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0264.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift (Logging Subsystem) security update",
"tracking": {
"current_release_date": "2026-05-27T08:35:25+00:00",
"generator": {
"date": "2026-05-27T08:35:25+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:0264",
"initial_release_date": "2023-01-19T11:03:41+00:00",
"revision_history": [
{
"date": "2023-01-19T11:03:41+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-01-19T11:03:41+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-27T08:35:25+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHOL 5.6 for RHEL 8",
"product": {
"name": "RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:logging:5.6::el8"
}
}
}
],
"category": "product_family",
"name": "logging for Red Hat OpenShift"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"product": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.6.0-68"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"product": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.6.0-21"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"product": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-331"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-91"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"product": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"product_id": "openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-270"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"product": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"product_id": "openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-285"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"product": {
"name": "openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"product_id": "openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-72"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"product": {
"name": "openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"product_id": "openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.6-71"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"product": {
"name": "openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"product_id": "openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-322"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"product": {
"name": "openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"product_id": "openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.7.1-8"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"product": {
"name": "openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"product_id": "openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.21.0-46"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"product": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"product_id": "openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel8\u0026tag=v5.6.0-28"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"product": {
"name": "openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"product_id": "openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.6.0-53"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"product": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v0.1.0-110"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"product": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"product_id": "openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v0.1.0-43"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"product": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.6.0-68"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"product": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.6.0-21"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"product": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-331"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-91"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"product": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"product_id": "openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"product_identification_helper": {
"purl": "pkg:oci/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-270"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"product": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"product_id": "openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-285"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"product": {
"name": "openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"product_id": "openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-72"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"product": {
"name": "openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"product_id": "openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.6-71"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"product": {
"name": "openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"product_id": "openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-322"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"product": {
"name": "openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"product_id": "openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.7.1-8"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"product": {
"name": "openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"product_id": "openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.21.0-46"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"product": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"product_id": "openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"product_identification_helper": {
"purl": "pkg:oci/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel8\u0026tag=v5.6.0-28"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"product": {
"name": "openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"product_id": "openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.6.0-53"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"product": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v0.1.0-110"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"product": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"product_id": "openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v0.1.0-43"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"product": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.6.0-68"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"product": {
"name": "openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"product_id": "openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-operator-bundle\u0026tag=v5.6.0-142"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"product": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.6.0-21"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"product": {
"name": "openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"product_id": "openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-operator-bundle\u0026tag=v5.6.0-130"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"product": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-331"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-91"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"product": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"product_id": "openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-270"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"product": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"product_id": "openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-285"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"product": {
"name": "openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"product_id": "openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-72"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"product": {
"name": "openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"product_id": "openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.6-71"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"product": {
"name": "openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"product_id": "openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-322"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"product": {
"name": "openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"product_id": "openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.7.1-8"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"product": {
"name": "openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"product_id": "openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.21.0-46"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"product": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"product_id": "openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel8\u0026tag=v5.6.0-28"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"product": {
"name": "openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"product_id": "openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"product_identification_helper": {
"purl": "pkg:oci/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/loki-operator-bundle\u0026tag=v5.6.0-172"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"product": {
"name": "openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"product_id": "openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.6.0-53"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"product": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v0.1.0-110"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"product": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"product_id": "openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v0.1.0-43"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"product": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.6.0-68"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"product": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.6.0-21"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"product": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-331"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-91"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"product": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"product_id": "openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-270"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"product": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"product_id": "openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-285"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"product": {
"name": "openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"product_id": "openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-72"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"product": {
"name": "openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"product_id": "openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.6-71"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"product": {
"name": "openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"product_id": "openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-322"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"product": {
"name": "openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"product_id": "openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.7.1-8"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le",
"product": {
"name": "openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le",
"product_id": "openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.21.0-46"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"product": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"product_id": "openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel8\u0026tag=v5.6.0-28"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"product": {
"name": "openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"product_id": "openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.6.0-53"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"product": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v0.1.0-110"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"product": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"product_id": "openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v0.1.0-43"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64"
},
"product_reference": "openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le"
},
"product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64"
},
"product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x"
},
"product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64"
},
"product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64"
},
"product_reference": "openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le"
},
"product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64"
},
"product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64"
},
"product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x"
},
"product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64"
},
"product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le"
},
"product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x"
},
"product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64"
},
"product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64"
},
"product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x"
},
"product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le"
},
"product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64"
},
"product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64"
},
"product_reference": "openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x"
},
"product_reference": "openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le"
},
"product_reference": "openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64"
},
"product_reference": "openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le"
},
"product_reference": "openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64"
},
"product_reference": "openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x"
},
"product_reference": "openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64"
},
"product_reference": "openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le"
},
"product_reference": "openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64"
},
"product_reference": "openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64"
},
"product_reference": "openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x"
},
"product_reference": "openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64"
},
"product_reference": "openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le"
},
"product_reference": "openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64"
},
"product_reference": "openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x"
},
"product_reference": "openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le"
},
"product_reference": "openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64"
},
"product_reference": "openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64"
},
"product_reference": "openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x"
},
"product_reference": "openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64"
},
"product_reference": "openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le"
},
"product_reference": "openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x"
},
"product_reference": "openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64"
},
"product_reference": "openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64"
},
"product_reference": "openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le"
},
"product_reference": "openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64"
},
"product_reference": "openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x"
},
"product_reference": "openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64"
},
"product_reference": "openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x"
},
"product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le"
},
"product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64"
},
"product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64"
},
"product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x"
},
"product_reference": "openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64"
},
"product_reference": "openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64"
},
"product_reference": "openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le"
},
"product_reference": "openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64"
},
"product_reference": "openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x"
},
"product_reference": "openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64"
},
"product_reference": "openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
},
"product_reference": "openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-36518",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-03-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064698"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: denial of service via a large depth of nested objects",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64"
],
"known_not_affected": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-36518"
},
{
"category": "external",
"summary": "RHBZ#2064698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2",
"url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2"
}
],
"release_date": "2020-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-19T11:03:41+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0264"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: denial of service via a large depth of nested objects"
},
{
"acknowledgments": [
{
"names": [
"Adam Korczynski"
],
"organization": "ADA Logics"
},
{
"names": [
"OSS-Fuzz"
]
}
],
"cve": "CVE-2022-2879",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132867"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.\n\n\nThis flaw additionally affects the github.com/vbatts/tar-split library and was fixed in v0.12.1.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x"
],
"known_not_affected": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2879"
},
{
"category": "external",
"summary": "RHBZ#2132867",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132867"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2879",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2879"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/54853",
"url": "https://github.com/golang/go/issues/54853"
},
{
"category": "external",
"summary": "https://github.com/vbatts/tar-split/releases/tag/v0.12.1",
"url": "https://github.com/vbatts/tar-split/releases/tag/v0.12.1"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-19T11:03:41+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0264"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers"
},
{
"acknowledgments": [
{
"names": [
"Daniel Abeles"
],
"organization": "Head of Research, Oxeye"
},
{
"names": [
"Gal Goldstein"
],
"organization": "Security Researcher, Oxeye"
}
],
"cve": "CVE-2022-2880",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132868"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request\u0027s form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity to exploit this vulnerability is limited to the Golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x"
],
"known_not_affected": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2880"
},
{
"category": "external",
"summary": "RHBZ#2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/54663",
"url": "https://github.com/golang/go/issues/54663"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-19T11:03:41+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0264"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters"
},
{
"cve": "CVE-2022-27664",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124669"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: handle server errors after sending GOAWAY",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x"
],
"known_not_affected": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-27664"
},
{
"category": "external",
"summary": "RHBZ#2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664"
},
{
"category": "external",
"summary": "https://go.dev/issue/54658",
"url": "https://go.dev/issue/54658"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-19T11:03:41+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0264"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: handle server errors after sending GOAWAY"
},
{
"cve": "CVE-2022-32190",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124668"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package. The JoinPath doesn\u0027t remove the ../ path components appended to a domain that is not terminated by a slash, possibly leading to a directory traversal attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: JoinPath does not strip relative path components in all circumstances",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerable functions, JoinPath and URL.JoinPath was introduced in upstream go1.19, whereas, RHEL ships go1.17 and go1.18 versions, which does not contain the vulnerable code. Hence, packages shipped with RHEL-8, RHEL-9 are not affected.\n\nAll Y stream releases of OpenShift Container Platform 4 run on RHEL-8 or RHEL-9, so OCP 4 is also not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x"
],
"known_not_affected": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32190"
},
{
"category": "external",
"summary": "RHBZ#2124668",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124668"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32190",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32190"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32190",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32190"
},
{
"category": "external",
"summary": "https://go.dev/issue/54385",
"url": "https://go.dev/issue/54385"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-19T11:03:41+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0264"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/url: JoinPath does not strip relative path components in all circumstances"
},
{
"cve": "CVE-2022-37601",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2022-10-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134876"
}
],
"notes": [
{
"category": "description",
"text": "A prototype pollution vulnerability was found in the parseQuery function in parseQuery.js in the webpack loader-utils via the name variable in parseQuery.js. This flaw can lead to a denial of service or remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "loader-utils: prototype pollution in function parseQuery in parseQuery.js",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Packages shipped in Red Hat Enterprise Linux use \u0027loader-utils\u0027 as a transitive dependency. Thus, reducing the impact to Moderate.\n\nIn Red Hat containerized products like OCP and ODF, the vulnerable loader-utils NodeJS module is bundled as a transitive dependency, hence the direct impact is reduced to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64"
],
"known_not_affected": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-37601"
},
{
"category": "external",
"summary": "RHBZ#2134876",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134876"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-37601",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37601"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-37601",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37601"
},
{
"category": "external",
"summary": "https://github.com/webpack/loader-utils/issues/212",
"url": "https://github.com/webpack/loader-utils/issues/212"
}
],
"release_date": "2022-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-19T11:03:41+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0264"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "loader-utils: prototype pollution in function parseQuery in parseQuery.js"
},
{
"acknowledgments": [
{
"names": [
"Adam Korczynski"
],
"organization": "ADA Logics"
},
{
"names": [
"OSS-Fuzz"
]
}
],
"cve": "CVE-2022-41715",
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132872"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: regexp/syntax: limit memory used by parsing regexps",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x"
],
"known_not_affected": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41715"
},
{
"category": "external",
"summary": "RHBZ#2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/55949",
"url": "https://github.com/golang/go/issues/55949"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-19T11:03:41+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0264"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: regexp/syntax: limit memory used by parsing regexps"
},
{
"cve": "CVE-2022-42003",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135244"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64"
],
"known_not_affected": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42003"
},
{
"category": "external",
"summary": "RHBZ#2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-19T11:03:41+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0264"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS"
},
{
"cve": "CVE-2022-42004",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135247"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: use of deeply nested arrays",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64"
],
"known_not_affected": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42004"
},
{
"category": "external",
"summary": "RHBZ#2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-19T11:03:41+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0264"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:5d23a3070de2f99187bdbfa22d174a6c2cc3f649041c3b245fbb09716d43ef26_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:68fb404f3a4c9ed1801943fa2ebe881f3bba7756eb07167897e0e314976fb2d5_ppc64le",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6bb28d1d4b02ca917b0b9bde85f19701dcb2622e9f2edb8763701c6dfe0e24cf_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:790a836cc11b2c00da7192b9b015b60f37aae1b16d667dec1bebd42c350b2914_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:c7e150a9ca0a73f408a75c10938d0fe9d40119a3820819911b79e288816ed964_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:ffd0eca485e307aecb2c63b55d0b3c12cef7df50462f84bd29d35acec35f5463_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:2711fac0ffede01998c444552e354bb000fbfddbb92989e1b65378f26fbcd127_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4afba3e79b74b131daf317ff257794d41af443722e3412aabed88f7c14dbc136_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:4fe4f86fa912c533b67c3c51ded894914d2de64adb829cd5483de2138e7a7c8c_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:b81c24ca60bf144b5abea582b60d669ccbb4f3c4bf920fde596b466831822a3e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:3a950c73793a13c854e70e5149a06432217751ddb123b74f1c0b464a6f6330bb_ppc64le",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:ed63f88f55cd7a37a79d6f55f43ed66f03df81eff2c5cfbd80c815c0a228c23e_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:edec56f852ed44006e02b8774725d9a53a31262b1686f0eb64a9499e1182e869_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f1b6f8da207711125204805b14b33e00df196478291fb8092f6935c23616017e_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2e2a06e0d36b930c8a9377d2dddb1f38084fe63a9b64f6ea08387354d5387643_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:738813a7633e6ad5157023bb5d6be4a183b26efdf57ea97f24fe58f482dd478f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:918c79919caf0cdf08f3f35c1537472893ab3765f19950ccd0b2dd88c2f66464_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:ab8c4d7a32d21a47cf8918d0f9e14bedbb441c29210b4218f18e6166687d3918_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:1d7363ec7ab256aa0855153d6b60dda68f97f526bf3cc74c56e01a0fa729ee3f_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:3aece4f28845789d752cf8bb1fe9576ed744a04037ab4c377df612e58f7f1594_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a49d73d230c4e869322ffc622edd1afa772143a16f972faf5789a94e0e082dcc_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:a7bd9cea0fb94dcbf5e7656d5478f02cbdd98cf68df15d6944488be1bf3139df_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:028d9723585dd67607a3b37562107fbb1c909a241d8493e70aa32511d985f051_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:1ece8f1ac42a23e083a2c0ecc85d5bb54b9cf0bc456b3bb22a42cbe84505ac23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:5a67525a4f1f68aba4af8c7414d98d30f99280d5d135e1e00d5b72558fd06357_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:86e2e187ef7ccf6db444d39b4e2d3c192b9a9dff8594eefb71caedd134574cbb_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:e76e2484009b14313587ed664d2e25972328a20e25395f10ddc1d74add74e894_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0321c12065ce746b2816a13de56e6ba3a9249ca8cd4af8be323cc07bcbb88122_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0fd489d18145e3b377f1fc09e9f8e8b810b1cf5d7eeedb6e5a156b768105ffc8_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6b943512129de2f170a8fcc339c1d7a03428c3c67d703692507c24a81d706968_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b928fad29ba5e0329eced4d762887a375cea06cbbb0fc3b7beddb1c8057dccb0_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:013c8de091db9550fc2d1e78289d9a3e7e28409c314f3c63d19b0e5ffe3ab62f_s390x",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:10c7951328a81f2de9b7ecc91f3fd3d4bc822fa86f21f8a53d25c135248bc5c2_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6faf9a67fd1e9f57358409f6afdc45f3df94d6aa7d1eba7be3fe369dc5956c4f_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:9a769e66142bb770bdb7010aefd0a0459205f08509e3e012fe68913390cba464_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: use of deeply nested arrays"
}
]
}
RHSA-2023:0328
Vulnerability from csaf_redhat - Published: 2023-01-23 15:26 - Updated: 2026-05-27 08:35Summary
Red Hat Security Advisory: go-toolset and golang security and bug fix update
Severity
Moderate
Notes
Topic: An update for go-toolset and golang is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.
The golang packages provide the Go programming language compiler.
Security Fix(es):
* golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879)
* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)
* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Internal linking fails on ppc64le (BZ#2144547)
* crypto testcases fail on golang on s390x [rhel-9] (BZ#2149311)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic.
6.5 (Medium)
Affected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-docs-0:1.18.9-1.el9_1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-misc-0:1.18.9-1.el9_1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-race-0:1.18.9-1.el9_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-src-0:1.18.9-1.el9_1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-tests-0:1.18.9-1.el9_1.noarch | — |
Vendor Fix
fix
|
Known not affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.aarch64 | — | ||
| Unresolved product id: AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.ppc64le | — | ||
| Unresolved product id: AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.s390x | — | ||
| Unresolved product id: AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.src | — | ||
| Unresolved product id: AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.x86_64 | — |
Threats
Impact
Moderate
A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request's form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.
7.5 (High)
Affected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-docs-0:1.18.9-1.el9_1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-misc-0:1.18.9-1.el9_1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-race-0:1.18.9-1.el9_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-src-0:1.18.9-1.el9_1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-tests-0:1.18.9-1.el9_1.noarch | — |
Vendor Fix
fix
|
Known not affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.aarch64 | — | ||
| Unresolved product id: AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.ppc64le | — | ||
| Unresolved product id: AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.s390x | — | ||
| Unresolved product id: AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.src | — | ||
| Unresolved product id: AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.x86_64 | — |
Threats
Impact
Moderate
A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.
6.5 (Medium)
Affected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-docs-0:1.18.9-1.el9_1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-misc-0:1.18.9-1.el9_1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-race-0:1.18.9-1.el9_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-src-0:1.18.9-1.el9_1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-tests-0:1.18.9-1.el9_1.noarch | — |
Vendor Fix
fix
|
Known not affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.aarch64 | — | ||
| Unresolved product id: AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.ppc64le | — | ||
| Unresolved product id: AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.s390x | — | ||
| Unresolved product id: AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.src | — | ||
| Unresolved product id: AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.x86_64 | — |
Threats
Impact
Moderate
An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.
6.5 (Medium)
Affected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-docs-0:1.18.9-1.el9_1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-misc-0:1.18.9-1.el9_1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-race-0:1.18.9-1.el9_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-src-0:1.18.9-1.el9_1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-tests-0:1.18.9-1.el9_1.noarch | — |
Vendor Fix
fix
Workaround
|
Known not affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.aarch64 | — |
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.ppc64le | — |
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.s390x | — |
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.src | — |
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.x86_64 | — |
Workaround
|
Threats
Impact
Low
A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.
6.5 (Medium)
Affected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-docs-0:1.18.9-1.el9_1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-misc-0:1.18.9-1.el9_1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-race-0:1.18.9-1.el9_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-src-0:1.18.9-1.el9_1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-tests-0:1.18.9-1.el9_1.noarch | — |
Vendor Fix
fix
|
Known not affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.aarch64 | — | ||
| Unresolved product id: AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.ppc64le | — | ||
| Unresolved product id: AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.s390x | — | ||
| Unresolved product id: AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.src | — | ||
| Unresolved product id: AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.x86_64 | — |
Threats
Impact
Moderate
A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.
5.3 (Medium)
Affected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-docs-0:1.18.9-1.el9_1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-misc-0:1.18.9-1.el9_1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-race-0:1.18.9-1.el9_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-src-0:1.18.9-1.el9_1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:golang-tests-0:1.18.9-1.el9_1.noarch | — |
Vendor Fix
fix
|
Known not affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.aarch64 | — | ||
| Unresolved product id: AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.ppc64le | — | ||
| Unresolved product id: AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.s390x | — | ||
| Unresolved product id: AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.src | — | ||
| Unresolved product id: AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.x86_64 | — |
Threats
Impact
Moderate
References
45 references
Acknowledgments
ADA Logics
Adam Korczynski
OSS-Fuzz
Head of Research, Oxeye
Daniel Abeles
Security Researcher, Oxeye
Gal Goldstein
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for go-toolset and golang is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.\n\nThe golang packages provide the Go programming language compiler.\n\nSecurity Fix(es):\n\n* golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879)\n\n* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)\n\n* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Internal linking fails on ppc64le (BZ#2144547)\n\n* crypto testcases fail on golang on s390x [rhel-9] (BZ#2149311)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:0328",
"url": "https://access.redhat.com/errata/RHSA-2023:0328"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2132867",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132867"
},
{
"category": "external",
"summary": "2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "2149311",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149311"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0328.json"
}
],
"title": "Red Hat Security Advisory: go-toolset and golang security and bug fix update",
"tracking": {
"current_release_date": "2026-05-27T08:35:25+00:00",
"generator": {
"date": "2026-05-27T08:35:25+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:0328",
"initial_release_date": "2023-01-23T15:26:30+00:00",
"revision_history": [
{
"date": "2023-01-23T15:26:30+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-01-23T15:26:30+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-27T08:35:25+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "go-toolset-0:1.18.9-1.el9_1.src",
"product": {
"name": "go-toolset-0:1.18.9-1.el9_1.src",
"product_id": "go-toolset-0:1.18.9-1.el9_1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.18.9-1.el9_1?arch=src"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.18.9-1.el9_1.src",
"product": {
"name": "golang-0:1.18.9-1.el9_1.src",
"product_id": "golang-0:1.18.9-1.el9_1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.18.9-1.el9_1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "go-toolset-0:1.18.9-1.el9_1.aarch64",
"product": {
"name": "go-toolset-0:1.18.9-1.el9_1.aarch64",
"product_id": "go-toolset-0:1.18.9-1.el9_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.18.9-1.el9_1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.18.9-1.el9_1.aarch64",
"product": {
"name": "golang-0:1.18.9-1.el9_1.aarch64",
"product_id": "golang-0:1.18.9-1.el9_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.18.9-1.el9_1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "golang-bin-0:1.18.9-1.el9_1.aarch64",
"product": {
"name": "golang-bin-0:1.18.9-1.el9_1.aarch64",
"product_id": "golang-bin-0:1.18.9-1.el9_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-bin@1.18.9-1.el9_1?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go-toolset-0:1.18.9-1.el9_1.ppc64le",
"product": {
"name": "go-toolset-0:1.18.9-1.el9_1.ppc64le",
"product_id": "go-toolset-0:1.18.9-1.el9_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.18.9-1.el9_1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.18.9-1.el9_1.ppc64le",
"product": {
"name": "golang-0:1.18.9-1.el9_1.ppc64le",
"product_id": "golang-0:1.18.9-1.el9_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.18.9-1.el9_1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "golang-bin-0:1.18.9-1.el9_1.ppc64le",
"product": {
"name": "golang-bin-0:1.18.9-1.el9_1.ppc64le",
"product_id": "golang-bin-0:1.18.9-1.el9_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-bin@1.18.9-1.el9_1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go-toolset-0:1.18.9-1.el9_1.x86_64",
"product": {
"name": "go-toolset-0:1.18.9-1.el9_1.x86_64",
"product_id": "go-toolset-0:1.18.9-1.el9_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.18.9-1.el9_1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.18.9-1.el9_1.x86_64",
"product": {
"name": "golang-0:1.18.9-1.el9_1.x86_64",
"product_id": "golang-0:1.18.9-1.el9_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.18.9-1.el9_1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "golang-bin-0:1.18.9-1.el9_1.x86_64",
"product": {
"name": "golang-bin-0:1.18.9-1.el9_1.x86_64",
"product_id": "golang-bin-0:1.18.9-1.el9_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-bin@1.18.9-1.el9_1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "golang-race-0:1.18.9-1.el9_1.x86_64",
"product": {
"name": "golang-race-0:1.18.9-1.el9_1.x86_64",
"product_id": "golang-race-0:1.18.9-1.el9_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-race@1.18.9-1.el9_1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "go-toolset-0:1.18.9-1.el9_1.s390x",
"product": {
"name": "go-toolset-0:1.18.9-1.el9_1.s390x",
"product_id": "go-toolset-0:1.18.9-1.el9_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.18.9-1.el9_1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.18.9-1.el9_1.s390x",
"product": {
"name": "golang-0:1.18.9-1.el9_1.s390x",
"product_id": "golang-0:1.18.9-1.el9_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.18.9-1.el9_1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "golang-bin-0:1.18.9-1.el9_1.s390x",
"product": {
"name": "golang-bin-0:1.18.9-1.el9_1.s390x",
"product_id": "golang-bin-0:1.18.9-1.el9_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-bin@1.18.9-1.el9_1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "golang-docs-0:1.18.9-1.el9_1.noarch",
"product": {
"name": "golang-docs-0:1.18.9-1.el9_1.noarch",
"product_id": "golang-docs-0:1.18.9-1.el9_1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-docs@1.18.9-1.el9_1?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "golang-misc-0:1.18.9-1.el9_1.noarch",
"product": {
"name": "golang-misc-0:1.18.9-1.el9_1.noarch",
"product_id": "golang-misc-0:1.18.9-1.el9_1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-misc@1.18.9-1.el9_1?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "golang-src-0:1.18.9-1.el9_1.noarch",
"product": {
"name": "golang-src-0:1.18.9-1.el9_1.noarch",
"product_id": "golang-src-0:1.18.9-1.el9_1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-src@1.18.9-1.el9_1?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "golang-tests-0:1.18.9-1.el9_1.noarch",
"product": {
"name": "golang-tests-0:1.18.9-1.el9_1.noarch",
"product_id": "golang-tests-0:1.18.9-1.el9_1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-tests@1.18.9-1.el9_1?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.18.9-1.el9_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.aarch64"
},
"product_reference": "go-toolset-0:1.18.9-1.el9_1.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.18.9-1.el9_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.ppc64le"
},
"product_reference": "go-toolset-0:1.18.9-1.el9_1.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.18.9-1.el9_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.s390x"
},
"product_reference": "go-toolset-0:1.18.9-1.el9_1.s390x",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.18.9-1.el9_1.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.src"
},
"product_reference": "go-toolset-0:1.18.9-1.el9_1.src",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.18.9-1.el9_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.x86_64"
},
"product_reference": "go-toolset-0:1.18.9-1.el9_1.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.18.9-1.el9_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.aarch64"
},
"product_reference": "golang-0:1.18.9-1.el9_1.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.18.9-1.el9_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.ppc64le"
},
"product_reference": "golang-0:1.18.9-1.el9_1.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.18.9-1.el9_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.s390x"
},
"product_reference": "golang-0:1.18.9-1.el9_1.s390x",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.18.9-1.el9_1.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.src"
},
"product_reference": "golang-0:1.18.9-1.el9_1.src",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.18.9-1.el9_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.x86_64"
},
"product_reference": "golang-0:1.18.9-1.el9_1.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-bin-0:1.18.9-1.el9_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.aarch64"
},
"product_reference": "golang-bin-0:1.18.9-1.el9_1.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-bin-0:1.18.9-1.el9_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.ppc64le"
},
"product_reference": "golang-bin-0:1.18.9-1.el9_1.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-bin-0:1.18.9-1.el9_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.s390x"
},
"product_reference": "golang-bin-0:1.18.9-1.el9_1.s390x",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-bin-0:1.18.9-1.el9_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.x86_64"
},
"product_reference": "golang-bin-0:1.18.9-1.el9_1.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-docs-0:1.18.9-1.el9_1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:golang-docs-0:1.18.9-1.el9_1.noarch"
},
"product_reference": "golang-docs-0:1.18.9-1.el9_1.noarch",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-misc-0:1.18.9-1.el9_1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:golang-misc-0:1.18.9-1.el9_1.noarch"
},
"product_reference": "golang-misc-0:1.18.9-1.el9_1.noarch",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-race-0:1.18.9-1.el9_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:golang-race-0:1.18.9-1.el9_1.x86_64"
},
"product_reference": "golang-race-0:1.18.9-1.el9_1.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-src-0:1.18.9-1.el9_1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:golang-src-0:1.18.9-1.el9_1.noarch"
},
"product_reference": "golang-src-0:1.18.9-1.el9_1.noarch",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-tests-0:1.18.9-1.el9_1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.Z.MAIN:golang-tests-0:1.18.9-1.el9_1.noarch"
},
"product_reference": "golang-tests-0:1.18.9-1.el9_1.noarch",
"relates_to_product_reference": "AppStream-9.1.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Adam Korczynski"
],
"organization": "ADA Logics"
},
{
"names": [
"OSS-Fuzz"
]
}
],
"cve": "CVE-2022-2879",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.src",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132867"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.\n\n\nThis flaw additionally affects the github.com/vbatts/tar-split library and was fixed in v0.12.1.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.src",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-docs-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-misc-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-race-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-src-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-tests-0:1.18.9-1.el9_1.noarch"
],
"known_not_affected": [
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.src",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2879"
},
{
"category": "external",
"summary": "RHBZ#2132867",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132867"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2879",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2879"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/54853",
"url": "https://github.com/golang/go/issues/54853"
},
{
"category": "external",
"summary": "https://github.com/vbatts/tar-split/releases/tag/v0.12.1",
"url": "https://github.com/vbatts/tar-split/releases/tag/v0.12.1"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-23T15:26:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.src",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-docs-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-misc-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-race-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-src-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-tests-0:1.18.9-1.el9_1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0328"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.src",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.src",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-docs-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-misc-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-race-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-src-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-tests-0:1.18.9-1.el9_1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers"
},
{
"acknowledgments": [
{
"names": [
"Daniel Abeles"
],
"organization": "Head of Research, Oxeye"
},
{
"names": [
"Gal Goldstein"
],
"organization": "Security Researcher, Oxeye"
}
],
"cve": "CVE-2022-2880",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.src",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132868"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request\u0027s form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity to exploit this vulnerability is limited to the Golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.src",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-docs-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-misc-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-race-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-src-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-tests-0:1.18.9-1.el9_1.noarch"
],
"known_not_affected": [
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.src",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2880"
},
{
"category": "external",
"summary": "RHBZ#2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/54663",
"url": "https://github.com/golang/go/issues/54663"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-23T15:26:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.src",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-docs-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-misc-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-race-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-src-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-tests-0:1.18.9-1.el9_1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0328"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.src",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.src",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-docs-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-misc-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-race-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-src-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-tests-0:1.18.9-1.el9_1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters"
},
{
"cve": "CVE-2022-27664",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.src",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124669"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: handle server errors after sending GOAWAY",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.src",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-docs-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-misc-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-race-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-src-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-tests-0:1.18.9-1.el9_1.noarch"
],
"known_not_affected": [
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.src",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-27664"
},
{
"category": "external",
"summary": "RHBZ#2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664"
},
{
"category": "external",
"summary": "https://go.dev/issue/54658",
"url": "https://go.dev/issue/54658"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-23T15:26:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.src",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-docs-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-misc-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-race-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-src-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-tests-0:1.18.9-1.el9_1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0328"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.src",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.src",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-docs-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-misc-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-race-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-src-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-tests-0:1.18.9-1.el9_1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: handle server errors after sending GOAWAY"
},
{
"cve": "CVE-2022-32189",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-08-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.src",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2113814"
}
],
"notes": [
{
"category": "description",
"text": "An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw stems from a particular and specific method (GoBDecode) which isn\u0027t commonly used. There are few components within Red Hat offerings which call this function. In rare cases where this method is called, the component limits possible damage or it is not possible to be triggered by an attacker. For these combined reasons the impact has been downgraded to Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.src",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-docs-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-misc-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-race-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-src-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-tests-0:1.18.9-1.el9_1.noarch"
],
"known_not_affected": [
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.src",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32189"
},
{
"category": "external",
"summary": "RHBZ#2113814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189"
},
{
"category": "external",
"summary": "https://go.dev/issue/53871",
"url": "https://go.dev/issue/53871"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU",
"url": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU"
}
],
"release_date": "2022-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-23T15:26:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.src",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-docs-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-misc-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-race-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-src-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-tests-0:1.18.9-1.el9_1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0328"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.src",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.src",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-docs-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-misc-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-race-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-src-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-tests-0:1.18.9-1.el9_1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.src",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.src",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-docs-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-misc-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-race-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-src-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-tests-0:1.18.9-1.el9_1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service"
},
{
"acknowledgments": [
{
"names": [
"Adam Korczynski"
],
"organization": "ADA Logics"
},
{
"names": [
"OSS-Fuzz"
]
}
],
"cve": "CVE-2022-41715",
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.src",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132872"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: regexp/syntax: limit memory used by parsing regexps",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.src",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-docs-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-misc-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-race-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-src-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-tests-0:1.18.9-1.el9_1.noarch"
],
"known_not_affected": [
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.src",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41715"
},
{
"category": "external",
"summary": "RHBZ#2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/55949",
"url": "https://github.com/golang/go/issues/55949"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-23T15:26:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.src",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-docs-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-misc-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-race-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-src-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-tests-0:1.18.9-1.el9_1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0328"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.src",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.src",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-docs-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-misc-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-race-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-src-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-tests-0:1.18.9-1.el9_1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: regexp/syntax: limit memory used by parsing regexps"
},
{
"cve": "CVE-2022-41717",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-01-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.src",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2161274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within Red Hat OpenShift Container Platform, the grafana container is listed as will not fix. Since OCP 4.10, Grafana itself is not shipped and the Grafana web server is protected behind an OAuth proxy server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.src",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-docs-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-misc-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-race-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-src-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-tests-0:1.18.9-1.el9_1.noarch"
],
"known_not_affected": [
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.src",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41717"
},
{
"category": "external",
"summary": "RHBZ#2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717"
},
{
"category": "external",
"summary": "https://go.dev/cl/455635",
"url": "https://go.dev/cl/455635"
},
{
"category": "external",
"summary": "https://go.dev/cl/455717",
"url": "https://go.dev/cl/455717"
},
{
"category": "external",
"summary": "https://go.dev/issue/56350",
"url": "https://go.dev/issue/56350"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2022-1144",
"url": "https://pkg.go.dev/vuln/GO-2022-1144"
}
],
"release_date": "2022-11-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-23T15:26:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.src",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-docs-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-misc-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-race-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-src-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-tests-0:1.18.9-1.el9_1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0328"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.src",
"AppStream-9.1.0.Z.MAIN:go-toolset-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.src",
"AppStream-9.1.0.Z.MAIN:golang-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.aarch64",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.ppc64le",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.s390x",
"AppStream-9.1.0.Z.MAIN:golang-bin-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-docs-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-misc-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-race-0:1.18.9-1.el9_1.x86_64",
"AppStream-9.1.0.Z.MAIN:golang-src-0:1.18.9-1.el9_1.noarch",
"AppStream-9.1.0.Z.MAIN:golang-tests-0:1.18.9-1.el9_1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests"
}
]
}
RHSA-2023:0446
Vulnerability from csaf_redhat - Published: 2023-01-25 09:20 - Updated: 2026-05-27 08:35Summary
Red Hat Security Advisory: go-toolset:rhel8 security and bug fix update
Severity
Moderate
Notes
Topic: An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.
Security Fix(es):
* golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879)
* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)
* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Internal linking fails on ppc64le (BZ#2144545)
* crypto testcases fail on golang on s390x [rhel-8] (BZ#2149313)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic.
6.5 (Medium)
Affected products
Fixed
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.src::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:delve-debuginfo-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:delve-debugsource-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.s390x::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.src::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.src::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-docs-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-misc-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-race-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-src-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-tests-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request's form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.
7.5 (High)
Affected products
Fixed
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.src::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:delve-debuginfo-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:delve-debugsource-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.s390x::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.src::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.src::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-docs-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-misc-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-race-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-src-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-tests-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.
6.5 (Medium)
Affected products
Fixed
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.src::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:delve-debuginfo-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:delve-debugsource-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.s390x::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.src::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.src::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-docs-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-misc-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-race-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-src-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-tests-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.
6.5 (Medium)
Affected products
Fixed
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.src::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:delve-debuginfo-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:delve-debugsource-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.s390x::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.src::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.src::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-docs-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-misc-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-race-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-src-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-tests-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.
6.5 (Medium)
Affected products
Fixed
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.src::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:delve-debuginfo-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:delve-debugsource-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.s390x::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.src::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.src::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-docs-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-misc-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-race-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-src-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-tests-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.
5.3 (Medium)
Affected products
Fixed
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.src::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:delve-debuginfo-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:delve-debugsource-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.s390x::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.src::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.src::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-docs-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-misc-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-race-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-src-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.Z.MAIN:golang-tests-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
46 references
Acknowledgments
ADA Logics
Adam Korczynski
OSS-Fuzz
Head of Research, Oxeye
Daniel Abeles
Security Researcher, Oxeye
Gal Goldstein
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. \n\nSecurity Fix(es):\n\n* golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879)\n\n* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)\n\n* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Internal linking fails on ppc64le (BZ#2144545)\n\n* crypto testcases fail on golang on s390x [rhel-8] (BZ#2149313)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:0446",
"url": "https://access.redhat.com/errata/RHSA-2023:0446"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2132867",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132867"
},
{
"category": "external",
"summary": "2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "2139718",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139718"
},
{
"category": "external",
"summary": "2149313",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149313"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0446.json"
}
],
"title": "Red Hat Security Advisory: go-toolset:rhel8 security and bug fix update",
"tracking": {
"current_release_date": "2026-05-27T08:35:38+00:00",
"generator": {
"date": "2026-05-27T08:35:38+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:0446",
"initial_release_date": "2023-01-25T09:20:12+00:00",
"revision_history": [
{
"date": "2023-01-25T09:20:12+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-01-25T09:20:12+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-27T08:35:38+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.aarch64::go-toolset:rhel8",
"product": {
"name": "go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.aarch64 (go-toolset:rhel8)",
"product_id": "go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.aarch64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.18.9-1.module%2Bel8.7.0%2B17845%2B708ebe87?arch=aarch64\u0026rpmmod=go-toolset:rhel8:8070020230116141618:ded9a3e2"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8",
"product": {
"name": "golang-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64 (go-toolset:rhel8)",
"product_id": "golang-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.18.9-1.module%2Bel8.7.0%2B17640%2B84246675?arch=aarch64\u0026rpmmod=go-toolset:rhel8:8070020230116141618:ded9a3e2"
}
}
},
{
"category": "product_version",
"name": "golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8",
"product": {
"name": "golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64 (go-toolset:rhel8)",
"product_id": "golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-bin@1.18.9-1.module%2Bel8.7.0%2B17640%2B84246675?arch=aarch64\u0026rpmmod=go-toolset:rhel8:8070020230116141618:ded9a3e2"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.src::go-toolset:rhel8",
"product": {
"name": "go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.src (go-toolset:rhel8)",
"product_id": "go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.src::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.18.9-1.module%2Bel8.7.0%2B17845%2B708ebe87?arch=src\u0026rpmmod=go-toolset:rhel8:8070020230116141618:ded9a3e2"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.18.9-1.module+el8.7.0+17640+84246675.src::go-toolset:rhel8",
"product": {
"name": "golang-0:1.18.9-1.module+el8.7.0+17640+84246675.src (go-toolset:rhel8)",
"product_id": "golang-0:1.18.9-1.module+el8.7.0+17640+84246675.src::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.18.9-1.module%2Bel8.7.0%2B17640%2B84246675?arch=src\u0026rpmmod=go-toolset:rhel8:8070020230116141618:ded9a3e2"
}
}
},
{
"category": "product_version",
"name": "delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.src::go-toolset:rhel8",
"product": {
"name": "delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.src (go-toolset:rhel8)",
"product_id": "delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.src::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve@1.8.3-1.module%2Bel8.7.0%2B15126%2B0e0a42d9?arch=src\u0026rpmmod=go-toolset:rhel8:8070020230116141618:ded9a3e2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "golang-docs-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"product": {
"name": "golang-docs-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch (go-toolset:rhel8)",
"product_id": "golang-docs-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-docs@1.18.9-1.module%2Bel8.7.0%2B17640%2B84246675?arch=noarch\u0026rpmmod=go-toolset:rhel8:8070020230116141618:ded9a3e2"
}
}
},
{
"category": "product_version",
"name": "golang-misc-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"product": {
"name": "golang-misc-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch (go-toolset:rhel8)",
"product_id": "golang-misc-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-misc@1.18.9-1.module%2Bel8.7.0%2B17640%2B84246675?arch=noarch\u0026rpmmod=go-toolset:rhel8:8070020230116141618:ded9a3e2"
}
}
},
{
"category": "product_version",
"name": "golang-src-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"product": {
"name": "golang-src-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch (go-toolset:rhel8)",
"product_id": "golang-src-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-src@1.18.9-1.module%2Bel8.7.0%2B17640%2B84246675?arch=noarch\u0026rpmmod=go-toolset:rhel8:8070020230116141618:ded9a3e2"
}
}
},
{
"category": "product_version",
"name": "golang-tests-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"product": {
"name": "golang-tests-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch (go-toolset:rhel8)",
"product_id": "golang-tests-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-tests@1.18.9-1.module%2Bel8.7.0%2B17640%2B84246675?arch=noarch\u0026rpmmod=go-toolset:rhel8:8070020230116141618:ded9a3e2"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.ppc64le::go-toolset:rhel8",
"product": {
"name": "go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.ppc64le (go-toolset:rhel8)",
"product_id": "go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.ppc64le::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.18.9-1.module%2Bel8.7.0%2B17845%2B708ebe87?arch=ppc64le\u0026rpmmod=go-toolset:rhel8:8070020230116141618:ded9a3e2"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8",
"product": {
"name": "golang-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le (go-toolset:rhel8)",
"product_id": "golang-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.18.9-1.module%2Bel8.7.0%2B17640%2B84246675?arch=ppc64le\u0026rpmmod=go-toolset:rhel8:8070020230116141618:ded9a3e2"
}
}
},
{
"category": "product_version",
"name": "golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8",
"product": {
"name": "golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le (go-toolset:rhel8)",
"product_id": "golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-bin@1.18.9-1.module%2Bel8.7.0%2B17640%2B84246675?arch=ppc64le\u0026rpmmod=go-toolset:rhel8:8070020230116141618:ded9a3e2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.s390x::go-toolset:rhel8",
"product": {
"name": "go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.s390x (go-toolset:rhel8)",
"product_id": "go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.s390x::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.18.9-1.module%2Bel8.7.0%2B17845%2B708ebe87?arch=s390x\u0026rpmmod=go-toolset:rhel8:8070020230116141618:ded9a3e2"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8",
"product": {
"name": "golang-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x (go-toolset:rhel8)",
"product_id": "golang-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.18.9-1.module%2Bel8.7.0%2B17640%2B84246675?arch=s390x\u0026rpmmod=go-toolset:rhel8:8070020230116141618:ded9a3e2"
}
}
},
{
"category": "product_version",
"name": "golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8",
"product": {
"name": "golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x (go-toolset:rhel8)",
"product_id": "golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-bin@1.18.9-1.module%2Bel8.7.0%2B17640%2B84246675?arch=s390x\u0026rpmmod=go-toolset:rhel8:8070020230116141618:ded9a3e2"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"product": {
"name": "delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64 (go-toolset:rhel8)",
"product_id": "delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve@1.8.3-1.module%2Bel8.7.0%2B15126%2B0e0a42d9?arch=x86_64\u0026rpmmod=go-toolset:rhel8:8070020230116141618:ded9a3e2"
}
}
},
{
"category": "product_version",
"name": "delve-debuginfo-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"product": {
"name": "delve-debuginfo-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64 (go-toolset:rhel8)",
"product_id": "delve-debuginfo-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve-debuginfo@1.8.3-1.module%2Bel8.7.0%2B15126%2B0e0a42d9?arch=x86_64\u0026rpmmod=go-toolset:rhel8:8070020230116141618:ded9a3e2"
}
}
},
{
"category": "product_version",
"name": "delve-debugsource-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"product": {
"name": "delve-debugsource-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64 (go-toolset:rhel8)",
"product_id": "delve-debugsource-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve-debugsource@1.8.3-1.module%2Bel8.7.0%2B15126%2B0e0a42d9?arch=x86_64\u0026rpmmod=go-toolset:rhel8:8070020230116141618:ded9a3e2"
}
}
},
{
"category": "product_version",
"name": "go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.x86_64::go-toolset:rhel8",
"product": {
"name": "go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.x86_64 (go-toolset:rhel8)",
"product_id": "go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.x86_64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.18.9-1.module%2Bel8.7.0%2B17845%2B708ebe87?arch=x86_64\u0026rpmmod=go-toolset:rhel8:8070020230116141618:ded9a3e2"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"product": {
"name": "golang-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64 (go-toolset:rhel8)",
"product_id": "golang-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.18.9-1.module%2Bel8.7.0%2B17640%2B84246675?arch=x86_64\u0026rpmmod=go-toolset:rhel8:8070020230116141618:ded9a3e2"
}
}
},
{
"category": "product_version",
"name": "golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"product": {
"name": "golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64 (go-toolset:rhel8)",
"product_id": "golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-bin@1.18.9-1.module%2Bel8.7.0%2B17640%2B84246675?arch=x86_64\u0026rpmmod=go-toolset:rhel8:8070020230116141618:ded9a3e2"
}
}
},
{
"category": "product_version",
"name": "golang-race-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"product": {
"name": "golang-race-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64 (go-toolset:rhel8)",
"product_id": "golang-race-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-race@1.18.9-1.module%2Bel8.7.0%2B17640%2B84246675?arch=x86_64\u0026rpmmod=go-toolset:rhel8:8070020230116141618:ded9a3e2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.src (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.src::go-toolset:rhel8"
},
"product_reference": "delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.src::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8"
},
"product_reference": "delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-debuginfo-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:delve-debuginfo-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8"
},
"product_reference": "delve-debuginfo-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-debugsource-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:delve-debugsource-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8"
},
"product_reference": "delve-debugsource-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.aarch64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.aarch64::go-toolset:rhel8"
},
"product_reference": "go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.aarch64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.ppc64le (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.ppc64le::go-toolset:rhel8"
},
"product_reference": "go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.ppc64le::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.s390x (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.s390x::go-toolset:rhel8"
},
"product_reference": "go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.s390x::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.src (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.src::go-toolset:rhel8"
},
"product_reference": "go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.src::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.x86_64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.x86_64::go-toolset:rhel8"
},
"product_reference": "go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.x86_64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8"
},
"product_reference": "golang-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8"
},
"product_reference": "golang-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8"
},
"product_reference": "golang-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.18.9-1.module+el8.7.0+17640+84246675.src (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.src::go-toolset:rhel8"
},
"product_reference": "golang-0:1.18.9-1.module+el8.7.0+17640+84246675.src::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8"
},
"product_reference": "golang-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8"
},
"product_reference": "golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8"
},
"product_reference": "golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8"
},
"product_reference": "golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8"
},
"product_reference": "golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-docs-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:golang-docs-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8"
},
"product_reference": "golang-docs-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-misc-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:golang-misc-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8"
},
"product_reference": "golang-misc-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-race-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:golang-race-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8"
},
"product_reference": "golang-race-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-src-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:golang-src-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8"
},
"product_reference": "golang-src-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-tests-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.Z.MAIN:golang-tests-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8"
},
"product_reference": "golang-tests-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.7.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Adam Korczynski"
],
"organization": "ADA Logics"
},
{
"names": [
"OSS-Fuzz"
]
}
],
"cve": "CVE-2022-2879",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-10-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132867"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.\n\n\nThis flaw additionally affects the github.com/vbatts/tar-split library and was fixed in v0.12.1.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.7.0.Z.MAIN:delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-debuginfo-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-debugsource-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-docs-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-misc-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-race-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-src-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-tests-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2879"
},
{
"category": "external",
"summary": "RHBZ#2132867",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132867"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2879",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2879"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/54853",
"url": "https://github.com/golang/go/issues/54853"
},
{
"category": "external",
"summary": "https://github.com/vbatts/tar-split/releases/tag/v0.12.1",
"url": "https://github.com/vbatts/tar-split/releases/tag/v0.12.1"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T09:20:12+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.7.0.Z.MAIN:delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-debuginfo-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-debugsource-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-docs-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-misc-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-race-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-src-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-tests-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0446"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.7.0.Z.MAIN:delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-debuginfo-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-debugsource-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-docs-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-misc-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-race-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-src-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-tests-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers"
},
{
"acknowledgments": [
{
"names": [
"Daniel Abeles"
],
"organization": "Head of Research, Oxeye"
},
{
"names": [
"Gal Goldstein"
],
"organization": "Security Researcher, Oxeye"
}
],
"cve": "CVE-2022-2880",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-10-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132868"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request\u0027s form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity to exploit this vulnerability is limited to the Golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.7.0.Z.MAIN:delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-debuginfo-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-debugsource-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-docs-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-misc-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-race-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-src-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-tests-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2880"
},
{
"category": "external",
"summary": "RHBZ#2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/54663",
"url": "https://github.com/golang/go/issues/54663"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T09:20:12+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.7.0.Z.MAIN:delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-debuginfo-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-debugsource-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-docs-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-misc-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-race-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-src-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-tests-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0446"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.7.0.Z.MAIN:delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-debuginfo-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-debugsource-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-docs-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-misc-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-race-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-src-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-tests-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters"
},
{
"cve": "CVE-2022-27664",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124669"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: handle server errors after sending GOAWAY",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.7.0.Z.MAIN:delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-debuginfo-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-debugsource-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-docs-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-misc-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-race-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-src-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-tests-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-27664"
},
{
"category": "external",
"summary": "RHBZ#2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664"
},
{
"category": "external",
"summary": "https://go.dev/issue/54658",
"url": "https://go.dev/issue/54658"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T09:20:12+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.7.0.Z.MAIN:delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-debuginfo-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-debugsource-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-docs-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-misc-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-race-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-src-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-tests-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0446"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.7.0.Z.MAIN:delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-debuginfo-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-debugsource-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-docs-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-misc-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-race-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-src-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-tests-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: handle server errors after sending GOAWAY"
},
{
"cve": "CVE-2022-32189",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-08-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2113814"
}
],
"notes": [
{
"category": "description",
"text": "An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw stems from a particular and specific method (GoBDecode) which isn\u0027t commonly used. There are few components within Red Hat offerings which call this function. In rare cases where this method is called, the component limits possible damage or it is not possible to be triggered by an attacker. For these combined reasons the impact has been downgraded to Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.7.0.Z.MAIN:delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-debuginfo-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-debugsource-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-docs-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-misc-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-race-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-src-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-tests-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32189"
},
{
"category": "external",
"summary": "RHBZ#2113814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189"
},
{
"category": "external",
"summary": "https://go.dev/issue/53871",
"url": "https://go.dev/issue/53871"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU",
"url": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU"
}
],
"release_date": "2022-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T09:20:12+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.7.0.Z.MAIN:delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-debuginfo-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-debugsource-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-docs-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-misc-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-race-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-src-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-tests-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0446"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.7.0.Z.MAIN:delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-debuginfo-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-debugsource-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-docs-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-misc-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-race-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-src-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-tests-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.7.0.Z.MAIN:delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-debuginfo-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-debugsource-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-docs-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-misc-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-race-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-src-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-tests-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service"
},
{
"acknowledgments": [
{
"names": [
"Adam Korczynski"
],
"organization": "ADA Logics"
},
{
"names": [
"OSS-Fuzz"
]
}
],
"cve": "CVE-2022-41715",
"discovery_date": "2022-10-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132872"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: regexp/syntax: limit memory used by parsing regexps",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.7.0.Z.MAIN:delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-debuginfo-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-debugsource-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-docs-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-misc-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-race-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-src-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-tests-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41715"
},
{
"category": "external",
"summary": "RHBZ#2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/55949",
"url": "https://github.com/golang/go/issues/55949"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T09:20:12+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.7.0.Z.MAIN:delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-debuginfo-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-debugsource-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-docs-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-misc-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-race-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-src-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-tests-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0446"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.7.0.Z.MAIN:delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-debuginfo-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-debugsource-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-docs-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-misc-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-race-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-src-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-tests-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: regexp/syntax: limit memory used by parsing regexps"
},
{
"cve": "CVE-2022-41717",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-01-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2161274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within Red Hat OpenShift Container Platform, the grafana container is listed as will not fix. Since OCP 4.10, Grafana itself is not shipped and the Grafana web server is protected behind an OAuth proxy server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.7.0.Z.MAIN:delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-debuginfo-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-debugsource-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-docs-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-misc-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-race-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-src-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-tests-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41717"
},
{
"category": "external",
"summary": "RHBZ#2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717"
},
{
"category": "external",
"summary": "https://go.dev/cl/455635",
"url": "https://go.dev/cl/455635"
},
{
"category": "external",
"summary": "https://go.dev/cl/455717",
"url": "https://go.dev/cl/455717"
},
{
"category": "external",
"summary": "https://go.dev/issue/56350",
"url": "https://go.dev/issue/56350"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2022-1144",
"url": "https://pkg.go.dev/vuln/GO-2022-1144"
}
],
"release_date": "2022-11-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T09:20:12+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.7.0.Z.MAIN:delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-debuginfo-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-debugsource-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-docs-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-misc-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-race-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-src-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-tests-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0446"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.7.0.Z.MAIN:delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-debuginfo-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:delve-debugsource-0:1.8.3-1.module+el8.7.0+15126+0e0a42d9.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:go-toolset-0:1.18.9-1.module+el8.7.0+17845+708ebe87.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.src::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.aarch64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.ppc64le::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.s390x::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-bin-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-docs-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-misc-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-race-0:1.18.9-1.module+el8.7.0+17640+84246675.x86_64::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-src-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8",
"AppStream-8.7.0.Z.MAIN:golang-tests-0:1.18.9-1.module+el8.7.0+17640+84246675.noarch::go-toolset:rhel8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests"
}
]
}
RHSA-2023:0542
Vulnerability from csaf_redhat - Published: 2023-01-30 17:18 - Updated: 2026-05-27 08:35Summary
Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.3.1 Containers security update
Severity
Important
Notes
Topic: Red Hat OpenShift Service Mesh 2.3.1 Containers
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.
This advisory covers container images for the release.
Security Fix(es):
* goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be (CVE-2021-4238)
* golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879)
* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)
* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)
* Istio: Denial of service attack via a specially crafted message (CVE-2022-39278)
* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)
* kiali: error message spoofing in kiali UI (CVE-2022-3962)
* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)
For more details about security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, see the CVE page(s) listed in the Container CVEs section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in goutils where randomly generated alphanumeric strings contain significantly less entropy than expected. Both the `RandomAlphaNumeric` and `CryptoRandomAlphaNumeric` functions always return strings containing at least one digit from 0 to 9. This issue significantly reduces the amount of entropy generated in short strings by these functions.
7.0 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x | — |
Vendor Fix
fix
|
Known not affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le | — |
Threats
Impact
Important
A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic.
6.5 (Medium)
Affected products
Fixed
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le | — |
Vendor Fix
fix
|
Known not affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le | — |
Threats
Impact
Moderate
A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request's form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.
7.5 (High)
Affected products
Fixed
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le | — |
Vendor Fix
fix
|
Known not affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le | — |
Threats
Impact
Moderate
A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being accessed.
4.3 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le | — |
Vendor Fix
fix
|
Known not affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le | — |
Threats
Impact
Low
A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.
6.5 (Medium)
Affected products
Fixed
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le | — |
Vendor Fix
fix
|
Known not affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le | — |
Threats
Impact
Moderate
An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.
6.5 (Medium)
Affected products
Fixed
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le | — |
Workaround
|
Threats
Impact
Low
An uncontrolled resource consumption flaw was found in the Istio control plane, istiod. This issue could allow an unauthenticated remote attacker to send a specially crafted or oversized message that could cause a denial of service.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x | — |
Vendor Fix
fix
|
Known not affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le | — |
Threats
Impact
Moderate
A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.
6.5 (Medium)
Affected products
Fixed
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le | — |
Vendor Fix
fix
|
Known not affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le | — |
Threats
Impact
Moderate
References
80 references
Acknowledgments
ADA Logics
Adam Korczynski
OSS-Fuzz
Head of Research, Oxeye
Daniel Abeles
Security Researcher, Oxeye
Gal Goldstein
Red Hat
John Mazzitelli
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Service Mesh 2.3.1 Containers\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.\n\nThis advisory covers container images for the release.\n\nSecurity Fix(es):\n\n* goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be (CVE-2021-4238)\n* golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879)\n* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)\n* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n* Istio: Denial of service attack via a specially crafted message (CVE-2022-39278)\n* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)\n* kiali: error message spoofing in kiali UI (CVE-2022-3962)\n* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)\n\nFor more details about security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, see the CVE page(s) listed in the Container CVEs section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:0542",
"url": "https://access.redhat.com/errata/RHSA-2023:0542"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2113814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814"
},
{
"category": "external",
"summary": "2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "2132867",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132867"
},
{
"category": "external",
"summary": "2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "2148199",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148199"
},
{
"category": "external",
"summary": "2148661",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148661"
},
{
"category": "external",
"summary": "2156729",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156729"
},
{
"category": "external",
"summary": "OSSM-1977",
"url": "https://issues.redhat.com/browse/OSSM-1977"
},
{
"category": "external",
"summary": "OSSM-2083",
"url": "https://issues.redhat.com/browse/OSSM-2083"
},
{
"category": "external",
"summary": "OSSM-2147",
"url": "https://issues.redhat.com/browse/OSSM-2147"
},
{
"category": "external",
"summary": "OSSM-2169",
"url": "https://issues.redhat.com/browse/OSSM-2169"
},
{
"category": "external",
"summary": "OSSM-2170",
"url": "https://issues.redhat.com/browse/OSSM-2170"
},
{
"category": "external",
"summary": "OSSM-2179",
"url": "https://issues.redhat.com/browse/OSSM-2179"
},
{
"category": "external",
"summary": "OSSM-2184",
"url": "https://issues.redhat.com/browse/OSSM-2184"
},
{
"category": "external",
"summary": "OSSM-2188",
"url": "https://issues.redhat.com/browse/OSSM-2188"
},
{
"category": "external",
"summary": "OSSM-2189",
"url": "https://issues.redhat.com/browse/OSSM-2189"
},
{
"category": "external",
"summary": "OSSM-2190",
"url": "https://issues.redhat.com/browse/OSSM-2190"
},
{
"category": "external",
"summary": "OSSM-2232",
"url": "https://issues.redhat.com/browse/OSSM-2232"
},
{
"category": "external",
"summary": "OSSM-2241",
"url": "https://issues.redhat.com/browse/OSSM-2241"
},
{
"category": "external",
"summary": "OSSM-2251",
"url": "https://issues.redhat.com/browse/OSSM-2251"
},
{
"category": "external",
"summary": "OSSM-2308",
"url": "https://issues.redhat.com/browse/OSSM-2308"
},
{
"category": "external",
"summary": "OSSM-2315",
"url": "https://issues.redhat.com/browse/OSSM-2315"
},
{
"category": "external",
"summary": "OSSM-2324",
"url": "https://issues.redhat.com/browse/OSSM-2324"
},
{
"category": "external",
"summary": "OSSM-2335",
"url": "https://issues.redhat.com/browse/OSSM-2335"
},
{
"category": "external",
"summary": "OSSM-2338",
"url": "https://issues.redhat.com/browse/OSSM-2338"
},
{
"category": "external",
"summary": "OSSM-2344",
"url": "https://issues.redhat.com/browse/OSSM-2344"
},
{
"category": "external",
"summary": "OSSM-2375",
"url": "https://issues.redhat.com/browse/OSSM-2375"
},
{
"category": "external",
"summary": "OSSM-2376",
"url": "https://issues.redhat.com/browse/OSSM-2376"
},
{
"category": "external",
"summary": "OSSM-535",
"url": "https://issues.redhat.com/browse/OSSM-535"
},
{
"category": "external",
"summary": "OSSM-827",
"url": "https://issues.redhat.com/browse/OSSM-827"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0542.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.3.1 Containers security update",
"tracking": {
"current_release_date": "2026-05-27T08:35:45+00:00",
"generator": {
"date": "2026-05-27T08:35:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:0542",
"initial_release_date": "2023-01-30T17:18:54+00:00",
"revision_history": [
{
"date": "2023-01-30T17:18:54+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-01-30T17:18:54+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-27T08:35:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHOSSM 2.3 for RHEL 8",
"product": {
"name": "RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:2.3::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.3.1-9"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.3.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.57.5-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.3.1-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64",
"product": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64",
"product_id": "openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator\u0026tag=2.3.1-10"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.3.1-9"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64",
"product": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64",
"product_id": "openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/prometheus-rhel8\u0026tag=2.3.1-6"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64",
"product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.3.1-11"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.3.1-5"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.3.1-9"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.3.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.57.5-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.3.1-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x",
"product": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x",
"product_id": "openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator\u0026tag=2.3.1-10"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.3.1-9"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x",
"product": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x",
"product_id": "openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/prometheus-rhel8\u0026tag=2.3.1-6"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x",
"product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.3.1-11"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.3.1-5"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.3.1-9"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.3.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.57.5-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.3.1-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le",
"product": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le",
"product_id": "openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator\u0026tag=2.3.1-10"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.3.1-9"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le",
"product": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le",
"product_id": "openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/prometheus-rhel8\u0026tag=2.3.1-6"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le",
"product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.3.1-11"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.3.1-5"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64 as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64 as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64 as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le"
},
"product_reference": "openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64 as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64"
},
"product_reference": "openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x"
},
"product_reference": "openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64 as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64 as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le"
},
"product_reference": "openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x"
},
"product_reference": "openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64 as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64"
},
"product_reference": "openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64 as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64 as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le as a component of RHOSSM 2.3 for RHEL 8",
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-4238",
"cwe": {
"id": "CWE-331",
"name": "Insufficient Entropy"
},
"discovery_date": "2022-12-28T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2156729"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in goutils where randomly generated alphanumeric strings contain significantly less entropy than expected. Both the `RandomAlphaNumeric` and `CryptoRandomAlphaNumeric` functions always return strings containing at least one digit from 0 to 9. This issue significantly reduces the amount of entropy generated in short strings by these functions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x"
],
"known_not_affected": [
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-4238"
},
{
"category": "external",
"summary": "RHBZ#2156729",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156729"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-4238",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4238"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-4238",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4238"
},
{
"category": "external",
"summary": "https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1",
"url": "https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-3839-6r69-m497",
"url": "https://github.com/advisories/GHSA-3839-6r69-m497"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2022-0411",
"url": "https://pkg.go.dev/vuln/GO-2022-0411"
}
],
"release_date": "2022-12-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-30T17:18:54+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0542"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be"
},
{
"acknowledgments": [
{
"names": [
"Adam Korczynski"
],
"organization": "ADA Logics"
},
{
"names": [
"OSS-Fuzz"
]
}
],
"cve": "CVE-2022-2879",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132867"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.\n\n\nThis flaw additionally affects the github.com/vbatts/tar-split library and was fixed in v0.12.1.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le"
],
"known_not_affected": [
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2879"
},
{
"category": "external",
"summary": "RHBZ#2132867",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132867"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2879",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2879"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/54853",
"url": "https://github.com/golang/go/issues/54853"
},
{
"category": "external",
"summary": "https://github.com/vbatts/tar-split/releases/tag/v0.12.1",
"url": "https://github.com/vbatts/tar-split/releases/tag/v0.12.1"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-30T17:18:54+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0542"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers"
},
{
"acknowledgments": [
{
"names": [
"Daniel Abeles"
],
"organization": "Head of Research, Oxeye"
},
{
"names": [
"Gal Goldstein"
],
"organization": "Security Researcher, Oxeye"
}
],
"cve": "CVE-2022-2880",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132868"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request\u0027s form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity to exploit this vulnerability is limited to the Golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le"
],
"known_not_affected": [
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2880"
},
{
"category": "external",
"summary": "RHBZ#2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/54663",
"url": "https://github.com/golang/go/issues/54663"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-30T17:18:54+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0542"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters"
},
{
"acknowledgments": [
{
"names": [
"John Mazzitelli"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2022-3962",
"cwe": {
"id": "CWE-74",
"name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
},
"discovery_date": "2022-11-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2148661"
}
],
"notes": [
{
"category": "description",
"text": "A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being accessed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kiali: error message spoofing in kiali UI",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le"
],
"known_not_affected": [
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3962"
},
{
"category": "external",
"summary": "RHBZ#2148661",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148661"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3962"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3962",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3962"
}
],
"release_date": "2022-11-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-30T17:18:54+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0542"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "kiali: error message spoofing in kiali UI"
},
{
"cve": "CVE-2022-27664",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124669"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: handle server errors after sending GOAWAY",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le"
],
"known_not_affected": [
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-27664"
},
{
"category": "external",
"summary": "RHBZ#2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664"
},
{
"category": "external",
"summary": "https://go.dev/issue/54658",
"url": "https://go.dev/issue/54658"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-30T17:18:54+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0542"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: handle server errors after sending GOAWAY"
},
{
"cve": "CVE-2022-32189",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-08-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2113814"
}
],
"notes": [
{
"category": "description",
"text": "An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw stems from a particular and specific method (GoBDecode) which isn\u0027t commonly used. There are few components within Red Hat offerings which call this function. In rare cases where this method is called, the component limits possible damage or it is not possible to be triggered by an attacker. For these combined reasons the impact has been downgraded to Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le"
],
"known_not_affected": [
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32189"
},
{
"category": "external",
"summary": "RHBZ#2113814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189"
},
{
"category": "external",
"summary": "https://go.dev/issue/53871",
"url": "https://go.dev/issue/53871"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU",
"url": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU"
}
],
"release_date": "2022-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-30T17:18:54+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0542"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service"
},
{
"cve": "CVE-2022-39278",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-10-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2148199"
}
],
"notes": [
{
"category": "description",
"text": "An uncontrolled resource consumption flaw was found in the Istio control plane, istiod. This issue could allow an unauthenticated remote attacker to send a specially crafted or oversized message that could cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Istio: Denial of service attack via a specially crafted message",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x"
],
"known_not_affected": [
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-39278"
},
{
"category": "external",
"summary": "RHBZ#2148199",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148199"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-39278",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39278"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-39278",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39278"
},
{
"category": "external",
"summary": "https://github.com/istio/istio/security/advisories/GHSA-86vr-4wcv-mm9w",
"url": "https://github.com/istio/istio/security/advisories/GHSA-86vr-4wcv-mm9w"
},
{
"category": "external",
"summary": "https://istio.io/latest/news/security/istio-security-2022-007/",
"url": "https://istio.io/latest/news/security/istio-security-2022-007/"
}
],
"release_date": "2022-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-30T17:18:54+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0542"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Istio: Denial of service attack via a specially crafted message"
},
{
"acknowledgments": [
{
"names": [
"Adam Korczynski"
],
"organization": "ADA Logics"
},
{
"names": [
"OSS-Fuzz"
]
}
],
"cve": "CVE-2022-41715",
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132872"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: regexp/syntax: limit memory used by parsing regexps",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le"
],
"known_not_affected": [
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41715"
},
{
"category": "external",
"summary": "RHBZ#2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/55949",
"url": "https://github.com/golang/go/issues/55949"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-30T17:18:54+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0542"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x",
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: regexp/syntax: limit memory used by parsing regexps"
}
]
}
RHSA-2023:0584
Vulnerability from csaf_redhat - Published: 2023-05-18 14:27 - Updated: 2026-05-27 08:35Summary
Red Hat Security Advisory: Secondary Scheduler Operator for Red Hat OpenShift 1.1.1 security update
Severity
Moderate
Notes
Topic: Secondary Scheduler Operator for Red Hat OpenShift 1.1.1
Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives
a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details: Secondary Scheduler Operator for Red Hat OpenShift 1.1.1
Security Fix(es):
* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)
* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)
* golang: net/url: JoinPath does not strip relative path components in all circumstances (CVE-2022-32190)
* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)
* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)
* golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724)
* golang: net/http, mime/multipart: denial of service from excessive resource consumption (CVE-2022-41725)
* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request's form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64 | — |
Vendor Fix
fix
|
Known not affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64 | — |
Threats
Impact
Moderate
A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64 | — |
Vendor Fix
fix
|
Known not affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64 | — |
Threats
Impact
Moderate
An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64 | — |
Workaround
|
Threats
Impact
Low
A flaw was found in the golang package. The JoinPath doesn't remove the ../ path components appended to a domain that is not terminated by a slash, possibly leading to a directory traversal attack.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64 | — |
Vendor Fix
fix
|
Known not affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64 | — |
Threats
Impact
Moderate
A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64 | — |
Vendor Fix
fix
|
Known not affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64 | — |
Threats
Impact
Moderate
A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64 | — |
Vendor Fix
fix
|
Known not affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64 | — |
Threats
Impact
Moderate
A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64 | — |
Vendor Fix
fix
|
Known not affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64 | — |
Threats
Impact
Moderate
A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption flaw in the net/http and mime/multipart packages. By sending a specially-crafted request, a remote attacker can cause a denial of service.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64 | — |
Vendor Fix
fix
|
Known not affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64 | — |
Threats
Impact
Moderate
References
64 references
Acknowledgments
Head of Research, Oxeye
Daniel Abeles
Security Researcher, Oxeye
Gal Goldstein
ADA Logics
Adam Korczynski
OSS-Fuzz
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Secondary Scheduler Operator for Red Hat OpenShift 1.1.1\n\nRed Hat Product Security has rated this update as having a security impact of\nModerate. A Common Vulnerability Scoring System (CVSS) base score, which gives\na\ndetailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Secondary Scheduler Operator for Red Hat OpenShift 1.1.1\n\nSecurity Fix(es):\n\n* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)\n* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n* golang: net/url: JoinPath does not strip relative path components in all circumstances (CVE-2022-32190)\n* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)\n* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)\n* golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724)\n* golang: net/http, mime/multipart: denial of service from excessive resource consumption (CVE-2022-41725)\n* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s)\nlisted in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:0584",
"url": "https://access.redhat.com/errata/RHSA-2023:0584"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2113814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814"
},
{
"category": "external",
"summary": "2124668",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124668"
},
{
"category": "external",
"summary": "2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "2178488",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178488"
},
{
"category": "external",
"summary": "2178492",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178492"
},
{
"category": "external",
"summary": "WRKLDS-653",
"url": "https://issues.redhat.com/browse/WRKLDS-653"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0584.json"
}
],
"title": "Red Hat Security Advisory: Secondary Scheduler Operator for Red Hat OpenShift 1.1.1 security update",
"tracking": {
"current_release_date": "2026-05-27T08:35:48+00:00",
"generator": {
"date": "2026-05-27T08:35:48+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:0584",
"initial_release_date": "2023-05-18T14:27:34+00:00",
"revision_history": [
{
"date": "2023-05-18T14:27:34+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-05-18T14:27:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-27T08:35:48+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OSSO 1.1 for RHEL 8",
"product": {
"name": "OSSO 1.1 for RHEL 8",
"product_id": "8Base-OSSO-1.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_secondary_scheduler:1.1::el8"
}
}
}
],
"category": "product_family",
"name": "Openshift Secondary Scheduler Operator"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64",
"product": {
"name": "openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64",
"product_id": "openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6?arch=amd64\u0026repository_url=registry.redhat.io/openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle\u0026tag=v1.1-26"
}
}
},
{
"category": "product_version",
"name": "openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64",
"product": {
"name": "openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64",
"product_id": "openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64",
"product_identification_helper": {
"purl": "pkg:oci/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83?arch=amd64\u0026repository_url=registry.redhat.io/openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8\u0026tag=v1.1-26"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64 as a component of OSSO 1.1 for RHEL 8",
"product_id": "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64"
},
"product_reference": "openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64",
"relates_to_product_reference": "8Base-OSSO-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64 as a component of OSSO 1.1 for RHEL 8",
"product_id": "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64"
},
"product_reference": "openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64",
"relates_to_product_reference": "8Base-OSSO-1.1"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Daniel Abeles"
],
"organization": "Head of Research, Oxeye"
},
{
"names": [
"Gal Goldstein"
],
"organization": "Security Researcher, Oxeye"
}
],
"cve": "CVE-2022-2880",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132868"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request\u0027s form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity to exploit this vulnerability is limited to the Golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64"
],
"known_not_affected": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2880"
},
{
"category": "external",
"summary": "RHBZ#2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/54663",
"url": "https://github.com/golang/go/issues/54663"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-18T14:27:34+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0584"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64",
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters"
},
{
"cve": "CVE-2022-27664",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124669"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: handle server errors after sending GOAWAY",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64"
],
"known_not_affected": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-27664"
},
{
"category": "external",
"summary": "RHBZ#2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664"
},
{
"category": "external",
"summary": "https://go.dev/issue/54658",
"url": "https://go.dev/issue/54658"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-18T14:27:34+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0584"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64",
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: handle server errors after sending GOAWAY"
},
{
"cve": "CVE-2022-32189",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-08-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2113814"
}
],
"notes": [
{
"category": "description",
"text": "An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw stems from a particular and specific method (GoBDecode) which isn\u0027t commonly used. There are few components within Red Hat offerings which call this function. In rare cases where this method is called, the component limits possible damage or it is not possible to be triggered by an attacker. For these combined reasons the impact has been downgraded to Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64"
],
"known_not_affected": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32189"
},
{
"category": "external",
"summary": "RHBZ#2113814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189"
},
{
"category": "external",
"summary": "https://go.dev/issue/53871",
"url": "https://go.dev/issue/53871"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU",
"url": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU"
}
],
"release_date": "2022-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-18T14:27:34+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0584"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64",
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64",
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service"
},
{
"cve": "CVE-2022-32190",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124668"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package. The JoinPath doesn\u0027t remove the ../ path components appended to a domain that is not terminated by a slash, possibly leading to a directory traversal attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: JoinPath does not strip relative path components in all circumstances",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerable functions, JoinPath and URL.JoinPath was introduced in upstream go1.19, whereas, RHEL ships go1.17 and go1.18 versions, which does not contain the vulnerable code. Hence, packages shipped with RHEL-8, RHEL-9 are not affected.\n\nAll Y stream releases of OpenShift Container Platform 4 run on RHEL-8 or RHEL-9, so OCP 4 is also not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64"
],
"known_not_affected": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32190"
},
{
"category": "external",
"summary": "RHBZ#2124668",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124668"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32190",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32190"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32190",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32190"
},
{
"category": "external",
"summary": "https://go.dev/issue/54385",
"url": "https://go.dev/issue/54385"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-18T14:27:34+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0584"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64",
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/url: JoinPath does not strip relative path components in all circumstances"
},
{
"acknowledgments": [
{
"names": [
"Adam Korczynski"
],
"organization": "ADA Logics"
},
{
"names": [
"OSS-Fuzz"
]
}
],
"cve": "CVE-2022-41715",
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132872"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: regexp/syntax: limit memory used by parsing regexps",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64"
],
"known_not_affected": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41715"
},
{
"category": "external",
"summary": "RHBZ#2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/55949",
"url": "https://github.com/golang/go/issues/55949"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-18T14:27:34+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0584"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64",
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: regexp/syntax: limit memory used by parsing regexps"
},
{
"cve": "CVE-2022-41717",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-01-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2161274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within Red Hat OpenShift Container Platform, the grafana container is listed as will not fix. Since OCP 4.10, Grafana itself is not shipped and the Grafana web server is protected behind an OAuth proxy server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64"
],
"known_not_affected": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41717"
},
{
"category": "external",
"summary": "RHBZ#2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717"
},
{
"category": "external",
"summary": "https://go.dev/cl/455635",
"url": "https://go.dev/cl/455635"
},
{
"category": "external",
"summary": "https://go.dev/cl/455717",
"url": "https://go.dev/cl/455717"
},
{
"category": "external",
"summary": "https://go.dev/issue/56350",
"url": "https://go.dev/issue/56350"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2022-1144",
"url": "https://pkg.go.dev/vuln/GO-2022-1144"
}
],
"release_date": "2022-11-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-18T14:27:34+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0584"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64",
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests"
},
{
"cve": "CVE-2022-41724",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-03-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2178492"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: large handshake records may cause panics",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a denial of service is limited to the golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64"
],
"known_not_affected": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41724"
},
{
"category": "external",
"summary": "RHBZ#2178492",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178492"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41724",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41724"
},
{
"category": "external",
"summary": "https://go.dev/cl/468125",
"url": "https://go.dev/cl/468125"
},
{
"category": "external",
"summary": "https://go.dev/issue/58001",
"url": "https://go.dev/issue/58001"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E",
"url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1570",
"url": "https://pkg.go.dev/vuln/GO-2023-1570"
}
],
"release_date": "2023-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-18T14:27:34+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0584"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64",
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: large handshake records may cause panics"
},
{
"cve": "CVE-2022-41725",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-03-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2178488"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption flaw in the net/http and mime/multipart packages. By sending a specially-crafted request, a remote attacker can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, mime/multipart: denial of service from excessive resource consumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64"
],
"known_not_affected": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41725"
},
{
"category": "external",
"summary": "RHBZ#2178488",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178488"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41725",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41725"
},
{
"category": "external",
"summary": "https://go.dev/cl/468124",
"url": "https://go.dev/cl/468124"
},
{
"category": "external",
"summary": "https://go.dev/issue/58006",
"url": "https://go.dev/issue/58006"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E",
"url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1569",
"url": "https://pkg.go.dev/vuln/GO-2023-1569"
}
],
"release_date": "2023-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-18T14:27:34+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0584"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64",
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http, mime/multipart: denial of service from excessive resource consumption"
}
]
}
RHSA-2023:0631
Vulnerability from csaf_redhat - Published: 2023-02-07 17:23 - Updated: 2026-02-17 02:10Summary
Red Hat Security Advisory: RHSA: Submariner 0.14 - bug fix and security updates
Severity
Moderate
Notes
Topic: Submariner 0.14 packages that fix various bugs and add various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.7
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE links in the References section.
Details: Submariner enables direct networking between pods and services on different Kubernetes clusters that are either on-premises or in the cloud.
For more information about Submariner, see the Submariner open source community website at: https://submariner.io/.
This advisory contains bug fixes and enhancements to the Submariner container images.
Security fixes:
* CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY
* CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters
* CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps
* CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests
Bugs addressed:
* subctl diagnose firewall metrics does not work on merged kubeconfig (BZ# 2013711)
* [Submariner] - Fails to increase gateway amount after deployment (BZ# 2097381)
* Submariner gateway node does not get deleted with subctl cloud cleanup command (BZ# 2108634)
* submariner GW pods are unable to resolve the DNS of the Broker K8s API URL (BZ# 2119362)
* Submariner gateway node does not get deployed after applying ManagedClusterAddOn on Openstack (BZ# 2124219)
* unable to run subctl benchmark latency, pods fail with ImagePullBackOff (BZ# 2130326)
* [IBM Z] - Submariner addon unistallation doesnt work from ACM console (BZ# 2136442)
* Tags on AWS security group for gateway node break cloud-controller LoadBalancer (BZ# 2139477)
* RHACM - Submariner: UI support for OpenStack #19297 (ACM-1242)
* Submariner OVN support (ACM-1358)
* Submariner Azure Console support (ACM-1388)
* ManagedClusterSet consumers migrate to v1beta2 (ACM-1614)
* Submariner on disconnected ACM #22000 (ACM-1678)
* Submariner gateway: Error creating AWS security group if already exists (ACM-2055)
* Submariner gateway security group in AWS not deleted when uninstalling submariner (ACM-2057)
* The submariner-metrics-proxy pod pulls an image with wrong naming convention (ACM-2058)
* The submariner-metrics-proxy pod is not part of the Agent readiness check (ACM-2067)
* Subctl 0.14.0 prints version "vsubctl" (ACM-2132)
* managedclusters "local-cluster" not found and missing Submariner Broker CRD (ACM-2145)
* Add support of ARO to Submariner deployment (ACM-2150)
* The e2e tests execution fails for "Basic TCP connectivity" tests (ACM-2204)
* Gateway error shown "diagnose all" tests (ACM-2206)
* Submariner does not support cluster "kube-proxy ipvs mode"(ACM-2211)
* Vsphere cluster shows Pod Security admission controller warnings (ACM-2256)
* Cannot use submariner with OSP and self signed certs (ACM-2274)
* Subctl diagnose tests spawn nettest image with wrong tag nameing convention (ACM-2387)
* Subctl 0.14.1 prints version "devel" (ACM-2482)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request's form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:1dfa9cbde516c58a7889fa6765a2dedeeb1f5ca4a8bbae6073e0c5f030bb973d_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:434c03429e8e8dc873f6f33c0091e8ae549945a7c9804c501cdd4e037fddda1d_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:690f87d67e3a9c63a4a95bf118bcea774d43437c7e68441ea3cfbcd40194c78d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:985b34c33af8f50a10f3f6f0056b2ff6baad2f5e152df45382d3f23048e901c7_ppc64le | — |
Vendor Fix
fix
|
Known not affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:135a7d6329ff7accf471f81b7cc235454a8de632d82eff7472769908dee4ea62_ppc64le | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:3889ac37818edf1a73a78b21117f21e03e6c5d04afce4e087df0915d29f7ae0b_arm64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:61504950ebe4601f60431611d6edcb825cf07781490dec3cf8dedf77c8bb3bc5_s390x | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:9b75b42c8b9cfb029e76b806e8eb9dc3178a76e358abf7a5ea56b50503f9b6e6_amd64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:323319be40279b7c001bda0a7eae67b5662c1e7c9a9621a9ce9ec66b32ee4bbc_amd64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:dbe8522519a073ed4620886586b4d0b467f1383d35b42ee779b60fc4733abe53_s390x | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:e66ef48970b4a4755c1677687508036927717fff47d24864cee09eb169930755_ppc64le | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:ed7b1d9eaa0fb5395b579214fcbb8c6c9f47147711affed6c40a9ea76e3ec5cc_arm64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:21280d682e06e920a6620e823ff873dd7f26bcdf1f5e6afeaea33bd17fc90b32_arm64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:80ecc8810042471f15091d785dc7c34cdb0afa7c845784c0a40a82244c51f132_ppc64le | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:f2eb14197331ee3fc6a022f17f22ca5b8ee54f76783ffa9e581a0eca5377122e_amd64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:fbfda748f9522137e99a91b4961ad2fb4e582256f1f25fb5f16d498f67dc99d8_s390x | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:4feb9fd7fa4da86d7eefbc8b1704cda6f9c9920c1b2903aca7b136532c56c3b9_amd64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:62cd51e00ca635ea41ae24b522c67b90299ce5914d72b4e89343f8eb3a8248d6_ppc64le | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:e9157a51b02b5ba0e44f1e25bf96c7ea950ba6576935ea6be0a3b14781bc0a37_arm64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:f937e339d6e3639faefecb07a91e065fd8417ddd7d094c325463719e007f56db_s390x | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:5924cc9a8092d6282afca8f4cdcbfd8c8fb7c5cafd86a69537b2fd619824f184_arm64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:67b56f6fbcb14caae9f1b20513d322deeed666a872ef02b5a73a5cf088183795_amd64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:7fca711199f677e53818bc75001ba8f327d3f0f3e322c11c6a187a2cfb41a9af_s390x | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:edbd6157d552db94cc6edba05f4a0341e5f98849d26225dbd301da4a103c67f2_ppc64le | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:5d65182dd2cafc18c987f1ef9ed16b1ddffe1deef4070e821a6eeb33b1752b6e_arm64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:98e572c91453a607b140421d5711ff9c2f0ce1a0999243868280fcb667e7632c_ppc64le | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:b9444ac6e5099190de999300a06a3f2f91f01c569a83ca7ff1cfbc40a2b72174_s390x | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:f8f3399de2bf019925cc85b89cc85f15049a7b135af97bdcff94aeaac5fe5762_amd64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:5fd5a4910c4997a182ccb786fd22cf213bd651d0e14eb1645a150045bc47a779_ppc64le | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:69f061caec1403b1e4f002207a0b8acdc41ada2f9c7f46767648d05672d8c8ca_amd64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:87b55b71c541c1edbe454185d728490eb39529d2b83f8e6c8443d334f9f81f3b_s390x | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:9f145c2eabacbcfa25a172a6de2516ad4a9e513c3d67b205e9a7e7069e8e4d4a_arm64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:3e054a396afcd57fd953856553f1c9d8f17b68ea9314a7307a9ead51dcb1f5c5_amd64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:727ac19ec8bbeed1a13b2ee09fe075a305c3fc3f568cfe40b499321a94061e50_ppc64le | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:c0e26f8db9a5c0691185f80e6dcdd86d6a57c61e4066fdfd10eb8e31bed1469e_s390x | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:c643fc44d3af4c3fd8671af2378bef068796fe98669b71579e50c154f2337b92_arm64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:4818471887484d8bb5ec2801c7fc98ef3cc52139c68f1f95a72ff9b54c124e3c_amd64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:5a3456edbe7796c9570bb01c6e720f4c32ba6e0a5051d0282f5b0db67fd8ea2c_arm64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:cdb405309b67640fe75ec802c5f3793b55217044f527c611b5155d6799b2e666_ppc64le | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:efa917cc9518c1c15ae18d290b5bd4442afcacfcd7017c4e3470c3ce87ec6da5_s390x | — |
Threats
Impact
Moderate
A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:1dfa9cbde516c58a7889fa6765a2dedeeb1f5ca4a8bbae6073e0c5f030bb973d_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:434c03429e8e8dc873f6f33c0091e8ae549945a7c9804c501cdd4e037fddda1d_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:690f87d67e3a9c63a4a95bf118bcea774d43437c7e68441ea3cfbcd40194c78d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:985b34c33af8f50a10f3f6f0056b2ff6baad2f5e152df45382d3f23048e901c7_ppc64le | — |
Vendor Fix
fix
|
Known not affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:135a7d6329ff7accf471f81b7cc235454a8de632d82eff7472769908dee4ea62_ppc64le | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:3889ac37818edf1a73a78b21117f21e03e6c5d04afce4e087df0915d29f7ae0b_arm64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:61504950ebe4601f60431611d6edcb825cf07781490dec3cf8dedf77c8bb3bc5_s390x | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:9b75b42c8b9cfb029e76b806e8eb9dc3178a76e358abf7a5ea56b50503f9b6e6_amd64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:323319be40279b7c001bda0a7eae67b5662c1e7c9a9621a9ce9ec66b32ee4bbc_amd64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:dbe8522519a073ed4620886586b4d0b467f1383d35b42ee779b60fc4733abe53_s390x | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:e66ef48970b4a4755c1677687508036927717fff47d24864cee09eb169930755_ppc64le | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:ed7b1d9eaa0fb5395b579214fcbb8c6c9f47147711affed6c40a9ea76e3ec5cc_arm64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:21280d682e06e920a6620e823ff873dd7f26bcdf1f5e6afeaea33bd17fc90b32_arm64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:80ecc8810042471f15091d785dc7c34cdb0afa7c845784c0a40a82244c51f132_ppc64le | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:f2eb14197331ee3fc6a022f17f22ca5b8ee54f76783ffa9e581a0eca5377122e_amd64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:fbfda748f9522137e99a91b4961ad2fb4e582256f1f25fb5f16d498f67dc99d8_s390x | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:4feb9fd7fa4da86d7eefbc8b1704cda6f9c9920c1b2903aca7b136532c56c3b9_amd64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:62cd51e00ca635ea41ae24b522c67b90299ce5914d72b4e89343f8eb3a8248d6_ppc64le | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:e9157a51b02b5ba0e44f1e25bf96c7ea950ba6576935ea6be0a3b14781bc0a37_arm64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:f937e339d6e3639faefecb07a91e065fd8417ddd7d094c325463719e007f56db_s390x | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:5924cc9a8092d6282afca8f4cdcbfd8c8fb7c5cafd86a69537b2fd619824f184_arm64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:67b56f6fbcb14caae9f1b20513d322deeed666a872ef02b5a73a5cf088183795_amd64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:7fca711199f677e53818bc75001ba8f327d3f0f3e322c11c6a187a2cfb41a9af_s390x | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:edbd6157d552db94cc6edba05f4a0341e5f98849d26225dbd301da4a103c67f2_ppc64le | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:5d65182dd2cafc18c987f1ef9ed16b1ddffe1deef4070e821a6eeb33b1752b6e_arm64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:98e572c91453a607b140421d5711ff9c2f0ce1a0999243868280fcb667e7632c_ppc64le | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:b9444ac6e5099190de999300a06a3f2f91f01c569a83ca7ff1cfbc40a2b72174_s390x | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:f8f3399de2bf019925cc85b89cc85f15049a7b135af97bdcff94aeaac5fe5762_amd64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:5fd5a4910c4997a182ccb786fd22cf213bd651d0e14eb1645a150045bc47a779_ppc64le | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:69f061caec1403b1e4f002207a0b8acdc41ada2f9c7f46767648d05672d8c8ca_amd64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:87b55b71c541c1edbe454185d728490eb39529d2b83f8e6c8443d334f9f81f3b_s390x | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:9f145c2eabacbcfa25a172a6de2516ad4a9e513c3d67b205e9a7e7069e8e4d4a_arm64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:3e054a396afcd57fd953856553f1c9d8f17b68ea9314a7307a9ead51dcb1f5c5_amd64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:727ac19ec8bbeed1a13b2ee09fe075a305c3fc3f568cfe40b499321a94061e50_ppc64le | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:c0e26f8db9a5c0691185f80e6dcdd86d6a57c61e4066fdfd10eb8e31bed1469e_s390x | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:c643fc44d3af4c3fd8671af2378bef068796fe98669b71579e50c154f2337b92_arm64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:4818471887484d8bb5ec2801c7fc98ef3cc52139c68f1f95a72ff9b54c124e3c_amd64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:5a3456edbe7796c9570bb01c6e720f4c32ba6e0a5051d0282f5b0db67fd8ea2c_arm64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:cdb405309b67640fe75ec802c5f3793b55217044f527c611b5155d6799b2e666_ppc64le | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:efa917cc9518c1c15ae18d290b5bd4442afcacfcd7017c4e3470c3ce87ec6da5_s390x | — |
Threats
Impact
Moderate
A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:1dfa9cbde516c58a7889fa6765a2dedeeb1f5ca4a8bbae6073e0c5f030bb973d_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:434c03429e8e8dc873f6f33c0091e8ae549945a7c9804c501cdd4e037fddda1d_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:690f87d67e3a9c63a4a95bf118bcea774d43437c7e68441ea3cfbcd40194c78d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:985b34c33af8f50a10f3f6f0056b2ff6baad2f5e152df45382d3f23048e901c7_ppc64le | — |
Vendor Fix
fix
|
Known not affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:135a7d6329ff7accf471f81b7cc235454a8de632d82eff7472769908dee4ea62_ppc64le | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:3889ac37818edf1a73a78b21117f21e03e6c5d04afce4e087df0915d29f7ae0b_arm64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:61504950ebe4601f60431611d6edcb825cf07781490dec3cf8dedf77c8bb3bc5_s390x | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:9b75b42c8b9cfb029e76b806e8eb9dc3178a76e358abf7a5ea56b50503f9b6e6_amd64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:323319be40279b7c001bda0a7eae67b5662c1e7c9a9621a9ce9ec66b32ee4bbc_amd64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:dbe8522519a073ed4620886586b4d0b467f1383d35b42ee779b60fc4733abe53_s390x | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:e66ef48970b4a4755c1677687508036927717fff47d24864cee09eb169930755_ppc64le | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:ed7b1d9eaa0fb5395b579214fcbb8c6c9f47147711affed6c40a9ea76e3ec5cc_arm64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:21280d682e06e920a6620e823ff873dd7f26bcdf1f5e6afeaea33bd17fc90b32_arm64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:80ecc8810042471f15091d785dc7c34cdb0afa7c845784c0a40a82244c51f132_ppc64le | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:f2eb14197331ee3fc6a022f17f22ca5b8ee54f76783ffa9e581a0eca5377122e_amd64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:fbfda748f9522137e99a91b4961ad2fb4e582256f1f25fb5f16d498f67dc99d8_s390x | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:4feb9fd7fa4da86d7eefbc8b1704cda6f9c9920c1b2903aca7b136532c56c3b9_amd64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:62cd51e00ca635ea41ae24b522c67b90299ce5914d72b4e89343f8eb3a8248d6_ppc64le | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:e9157a51b02b5ba0e44f1e25bf96c7ea950ba6576935ea6be0a3b14781bc0a37_arm64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:f937e339d6e3639faefecb07a91e065fd8417ddd7d094c325463719e007f56db_s390x | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:5924cc9a8092d6282afca8f4cdcbfd8c8fb7c5cafd86a69537b2fd619824f184_arm64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:67b56f6fbcb14caae9f1b20513d322deeed666a872ef02b5a73a5cf088183795_amd64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:7fca711199f677e53818bc75001ba8f327d3f0f3e322c11c6a187a2cfb41a9af_s390x | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:edbd6157d552db94cc6edba05f4a0341e5f98849d26225dbd301da4a103c67f2_ppc64le | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:5d65182dd2cafc18c987f1ef9ed16b1ddffe1deef4070e821a6eeb33b1752b6e_arm64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:98e572c91453a607b140421d5711ff9c2f0ce1a0999243868280fcb667e7632c_ppc64le | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:b9444ac6e5099190de999300a06a3f2f91f01c569a83ca7ff1cfbc40a2b72174_s390x | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:f8f3399de2bf019925cc85b89cc85f15049a7b135af97bdcff94aeaac5fe5762_amd64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:5fd5a4910c4997a182ccb786fd22cf213bd651d0e14eb1645a150045bc47a779_ppc64le | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:69f061caec1403b1e4f002207a0b8acdc41ada2f9c7f46767648d05672d8c8ca_amd64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:87b55b71c541c1edbe454185d728490eb39529d2b83f8e6c8443d334f9f81f3b_s390x | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:9f145c2eabacbcfa25a172a6de2516ad4a9e513c3d67b205e9a7e7069e8e4d4a_arm64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:3e054a396afcd57fd953856553f1c9d8f17b68ea9314a7307a9ead51dcb1f5c5_amd64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:727ac19ec8bbeed1a13b2ee09fe075a305c3fc3f568cfe40b499321a94061e50_ppc64le | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:c0e26f8db9a5c0691185f80e6dcdd86d6a57c61e4066fdfd10eb8e31bed1469e_s390x | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:c643fc44d3af4c3fd8671af2378bef068796fe98669b71579e50c154f2337b92_arm64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:4818471887484d8bb5ec2801c7fc98ef3cc52139c68f1f95a72ff9b54c124e3c_amd64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:5a3456edbe7796c9570bb01c6e720f4c32ba6e0a5051d0282f5b0db67fd8ea2c_arm64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:cdb405309b67640fe75ec802c5f3793b55217044f527c611b5155d6799b2e666_ppc64le | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:efa917cc9518c1c15ae18d290b5bd4442afcacfcd7017c4e3470c3ce87ec6da5_s390x | — |
Threats
Impact
Moderate
A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.
5.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:1dfa9cbde516c58a7889fa6765a2dedeeb1f5ca4a8bbae6073e0c5f030bb973d_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:434c03429e8e8dc873f6f33c0091e8ae549945a7c9804c501cdd4e037fddda1d_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:690f87d67e3a9c63a4a95bf118bcea774d43437c7e68441ea3cfbcd40194c78d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:985b34c33af8f50a10f3f6f0056b2ff6baad2f5e152df45382d3f23048e901c7_ppc64le | — |
Vendor Fix
fix
|
Known not affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:135a7d6329ff7accf471f81b7cc235454a8de632d82eff7472769908dee4ea62_ppc64le | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:3889ac37818edf1a73a78b21117f21e03e6c5d04afce4e087df0915d29f7ae0b_arm64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:61504950ebe4601f60431611d6edcb825cf07781490dec3cf8dedf77c8bb3bc5_s390x | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:9b75b42c8b9cfb029e76b806e8eb9dc3178a76e358abf7a5ea56b50503f9b6e6_amd64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:323319be40279b7c001bda0a7eae67b5662c1e7c9a9621a9ce9ec66b32ee4bbc_amd64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:dbe8522519a073ed4620886586b4d0b467f1383d35b42ee779b60fc4733abe53_s390x | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:e66ef48970b4a4755c1677687508036927717fff47d24864cee09eb169930755_ppc64le | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:ed7b1d9eaa0fb5395b579214fcbb8c6c9f47147711affed6c40a9ea76e3ec5cc_arm64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:21280d682e06e920a6620e823ff873dd7f26bcdf1f5e6afeaea33bd17fc90b32_arm64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:80ecc8810042471f15091d785dc7c34cdb0afa7c845784c0a40a82244c51f132_ppc64le | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:f2eb14197331ee3fc6a022f17f22ca5b8ee54f76783ffa9e581a0eca5377122e_amd64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:fbfda748f9522137e99a91b4961ad2fb4e582256f1f25fb5f16d498f67dc99d8_s390x | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:4feb9fd7fa4da86d7eefbc8b1704cda6f9c9920c1b2903aca7b136532c56c3b9_amd64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:62cd51e00ca635ea41ae24b522c67b90299ce5914d72b4e89343f8eb3a8248d6_ppc64le | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:e9157a51b02b5ba0e44f1e25bf96c7ea950ba6576935ea6be0a3b14781bc0a37_arm64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:f937e339d6e3639faefecb07a91e065fd8417ddd7d094c325463719e007f56db_s390x | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:5924cc9a8092d6282afca8f4cdcbfd8c8fb7c5cafd86a69537b2fd619824f184_arm64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:67b56f6fbcb14caae9f1b20513d322deeed666a872ef02b5a73a5cf088183795_amd64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:7fca711199f677e53818bc75001ba8f327d3f0f3e322c11c6a187a2cfb41a9af_s390x | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:edbd6157d552db94cc6edba05f4a0341e5f98849d26225dbd301da4a103c67f2_ppc64le | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:5d65182dd2cafc18c987f1ef9ed16b1ddffe1deef4070e821a6eeb33b1752b6e_arm64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:98e572c91453a607b140421d5711ff9c2f0ce1a0999243868280fcb667e7632c_ppc64le | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:b9444ac6e5099190de999300a06a3f2f91f01c569a83ca7ff1cfbc40a2b72174_s390x | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:f8f3399de2bf019925cc85b89cc85f15049a7b135af97bdcff94aeaac5fe5762_amd64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:5fd5a4910c4997a182ccb786fd22cf213bd651d0e14eb1645a150045bc47a779_ppc64le | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:69f061caec1403b1e4f002207a0b8acdc41ada2f9c7f46767648d05672d8c8ca_amd64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:87b55b71c541c1edbe454185d728490eb39529d2b83f8e6c8443d334f9f81f3b_s390x | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:9f145c2eabacbcfa25a172a6de2516ad4a9e513c3d67b205e9a7e7069e8e4d4a_arm64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:3e054a396afcd57fd953856553f1c9d8f17b68ea9314a7307a9ead51dcb1f5c5_amd64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:727ac19ec8bbeed1a13b2ee09fe075a305c3fc3f568cfe40b499321a94061e50_ppc64le | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:c0e26f8db9a5c0691185f80e6dcdd86d6a57c61e4066fdfd10eb8e31bed1469e_s390x | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:c643fc44d3af4c3fd8671af2378bef068796fe98669b71579e50c154f2337b92_arm64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:4818471887484d8bb5ec2801c7fc98ef3cc52139c68f1f95a72ff9b54c124e3c_amd64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:5a3456edbe7796c9570bb01c6e720f4c32ba6e0a5051d0282f5b0db67fd8ea2c_arm64 | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:cdb405309b67640fe75ec802c5f3793b55217044f527c611b5155d6799b2e666_ppc64le | — | ||
| Unresolved product id: 8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:efa917cc9518c1c15ae18d290b5bd4442afcacfcd7017c4e3470c3ce87ec6da5_s390x | — |
Threats
Impact
Moderate
References
56 references
Acknowledgments
Head of Research, Oxeye
Daniel Abeles
Security Researcher, Oxeye
Gal Goldstein
ADA Logics
Adam Korczynski
OSS-Fuzz
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Submariner 0.14 packages that fix various bugs and add various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.7\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Submariner enables direct networking between pods and services on different Kubernetes clusters that are either on-premises or in the cloud.\n\nFor more information about Submariner, see the Submariner open source community website at: https://submariner.io/.\n\nThis advisory contains bug fixes and enhancements to the Submariner container images.\n\nSecurity fixes:\n\n* CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY\n* CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters\n* CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps\n* CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests\n\nBugs addressed:\n\n* subctl diagnose firewall metrics does not work on merged kubeconfig (BZ# 2013711)\n* [Submariner] - Fails to increase gateway amount after deployment (BZ# 2097381)\n* Submariner gateway node does not get deleted with subctl cloud cleanup command (BZ# 2108634)\n* submariner GW pods are unable to resolve the DNS of the Broker K8s API URL (BZ# 2119362)\n* Submariner gateway node does not get deployed after applying ManagedClusterAddOn on Openstack (BZ# 2124219)\n* unable to run subctl benchmark latency, pods fail with ImagePullBackOff (BZ# 2130326)\n* [IBM Z] - Submariner addon unistallation doesnt work from ACM console (BZ# 2136442)\n* Tags on AWS security group for gateway node break cloud-controller LoadBalancer (BZ# 2139477)\n* RHACM - Submariner: UI support for OpenStack #19297 (ACM-1242)\n* Submariner OVN support (ACM-1358)\n* Submariner Azure Console support (ACM-1388)\n* ManagedClusterSet consumers migrate to v1beta2 (ACM-1614)\n* Submariner on disconnected ACM #22000 (ACM-1678)\n* Submariner gateway: Error creating AWS security group if already exists (ACM-2055)\n* Submariner gateway security group in AWS not deleted when uninstalling submariner (ACM-2057)\n* The submariner-metrics-proxy pod pulls an image with wrong naming convention (ACM-2058)\n* The submariner-metrics-proxy pod is not part of the Agent readiness check (ACM-2067)\n* Subctl 0.14.0 prints version \"vsubctl\" (ACM-2132)\n* managedclusters \"local-cluster\" not found and missing Submariner Broker CRD (ACM-2145)\n* Add support of ARO to Submariner deployment (ACM-2150)\n* The e2e tests execution fails for \"Basic TCP connectivity\" tests (ACM-2204)\n* Gateway error shown \"diagnose all\" tests (ACM-2206)\n* Submariner does not support cluster \"kube-proxy ipvs mode\"(ACM-2211)\n* Vsphere cluster shows Pod Security admission controller warnings (ACM-2256)\n* Cannot use submariner with OSP and self signed certs (ACM-2274)\n* Subctl diagnose tests spawn nettest image with wrong tag nameing convention (ACM-2387)\n* Subctl 0.14.1 prints version \"devel\" (ACM-2482)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:0631",
"url": "https://access.redhat.com/errata/RHSA-2023:0631"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2013711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2013711"
},
{
"category": "external",
"summary": "2097381",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097381"
},
{
"category": "external",
"summary": "2108634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108634"
},
{
"category": "external",
"summary": "2119362",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119362"
},
{
"category": "external",
"summary": "2124219",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124219"
},
{
"category": "external",
"summary": "2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "2130326",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130326"
},
{
"category": "external",
"summary": "2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "2136442",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136442"
},
{
"category": "external",
"summary": "2139477",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139477"
},
{
"category": "external",
"summary": "2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "ACM-1614",
"url": "https://issues.redhat.com/browse/ACM-1614"
},
{
"category": "external",
"summary": "ACM-2055",
"url": "https://issues.redhat.com/browse/ACM-2055"
},
{
"category": "external",
"summary": "ACM-2057",
"url": "https://issues.redhat.com/browse/ACM-2057"
},
{
"category": "external",
"summary": "ACM-2058",
"url": "https://issues.redhat.com/browse/ACM-2058"
},
{
"category": "external",
"summary": "ACM-2067",
"url": "https://issues.redhat.com/browse/ACM-2067"
},
{
"category": "external",
"summary": "ACM-2132",
"url": "https://issues.redhat.com/browse/ACM-2132"
},
{
"category": "external",
"summary": "ACM-2145",
"url": "https://issues.redhat.com/browse/ACM-2145"
},
{
"category": "external",
"summary": "ACM-2150",
"url": "https://issues.redhat.com/browse/ACM-2150"
},
{
"category": "external",
"summary": "ACM-2204",
"url": "https://issues.redhat.com/browse/ACM-2204"
},
{
"category": "external",
"summary": "ACM-2206",
"url": "https://issues.redhat.com/browse/ACM-2206"
},
{
"category": "external",
"summary": "ACM-2211",
"url": "https://issues.redhat.com/browse/ACM-2211"
},
{
"category": "external",
"summary": "ACM-2256",
"url": "https://issues.redhat.com/browse/ACM-2256"
},
{
"category": "external",
"summary": "ACM-2274",
"url": "https://issues.redhat.com/browse/ACM-2274"
},
{
"category": "external",
"summary": "ACM-2387",
"url": "https://issues.redhat.com/browse/ACM-2387"
},
{
"category": "external",
"summary": "ACM-2482",
"url": "https://issues.redhat.com/browse/ACM-2482"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0631.json"
}
],
"title": "Red Hat Security Advisory: RHSA: Submariner 0.14 - bug fix and security updates",
"tracking": {
"current_release_date": "2026-02-17T02:10:22+00:00",
"generator": {
"date": "2026-02-17T02:10:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2023:0631",
"initial_release_date": "2023-02-07T17:23:40+00:00",
"revision_history": [
{
"date": "2023-02-07T17:23:40+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-02-07T17:23:40+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-17T02:10:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8",
"product": {
"name": "Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8",
"product_id": "8Base-RHACM-2.7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:acm:2.7::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat ACM"
},
{
"branches": [
{
"category": "product_version",
"name": "rhacm2/lighthouse-agent-rhel8@sha256:135a7d6329ff7accf471f81b7cc235454a8de632d82eff7472769908dee4ea62_ppc64le",
"product": {
"name": "rhacm2/lighthouse-agent-rhel8@sha256:135a7d6329ff7accf471f81b7cc235454a8de632d82eff7472769908dee4ea62_ppc64le",
"product_id": "rhacm2/lighthouse-agent-rhel8@sha256:135a7d6329ff7accf471f81b7cc235454a8de632d82eff7472769908dee4ea62_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-agent-rhel8@sha256:135a7d6329ff7accf471f81b7cc235454a8de632d82eff7472769908dee4ea62?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-agent-rhel8\u0026tag=v0.14.1-7"
}
}
},
{
"category": "product_version",
"name": "rhacm2/lighthouse-coredns-rhel8@sha256:e66ef48970b4a4755c1677687508036927717fff47d24864cee09eb169930755_ppc64le",
"product": {
"name": "rhacm2/lighthouse-coredns-rhel8@sha256:e66ef48970b4a4755c1677687508036927717fff47d24864cee09eb169930755_ppc64le",
"product_id": "rhacm2/lighthouse-coredns-rhel8@sha256:e66ef48970b4a4755c1677687508036927717fff47d24864cee09eb169930755_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-coredns-rhel8@sha256:e66ef48970b4a4755c1677687508036927717fff47d24864cee09eb169930755?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-coredns-rhel8\u0026tag=v0.14.1-7"
}
}
},
{
"category": "product_version",
"name": "rhacm2/nettest-rhel8@sha256:80ecc8810042471f15091d785dc7c34cdb0afa7c845784c0a40a82244c51f132_ppc64le",
"product": {
"name": "rhacm2/nettest-rhel8@sha256:80ecc8810042471f15091d785dc7c34cdb0afa7c845784c0a40a82244c51f132_ppc64le",
"product_id": "rhacm2/nettest-rhel8@sha256:80ecc8810042471f15091d785dc7c34cdb0afa7c845784c0a40a82244c51f132_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/nettest-rhel8@sha256:80ecc8810042471f15091d785dc7c34cdb0afa7c845784c0a40a82244c51f132?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/nettest-rhel8\u0026tag=v0.14.1-7"
}
}
},
{
"category": "product_version",
"name": "rhacm2/subctl-rhel8@sha256:985b34c33af8f50a10f3f6f0056b2ff6baad2f5e152df45382d3f23048e901c7_ppc64le",
"product": {
"name": "rhacm2/subctl-rhel8@sha256:985b34c33af8f50a10f3f6f0056b2ff6baad2f5e152df45382d3f23048e901c7_ppc64le",
"product_id": "rhacm2/subctl-rhel8@sha256:985b34c33af8f50a10f3f6f0056b2ff6baad2f5e152df45382d3f23048e901c7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/subctl-rhel8@sha256:985b34c33af8f50a10f3f6f0056b2ff6baad2f5e152df45382d3f23048e901c7?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/subctl-rhel8\u0026tag=v0.14.1-10"
}
}
},
{
"category": "product_version",
"name": "rhacm2/submariner-gateway-rhel8@sha256:62cd51e00ca635ea41ae24b522c67b90299ce5914d72b4e89343f8eb3a8248d6_ppc64le",
"product": {
"name": "rhacm2/submariner-gateway-rhel8@sha256:62cd51e00ca635ea41ae24b522c67b90299ce5914d72b4e89343f8eb3a8248d6_ppc64le",
"product_id": "rhacm2/submariner-gateway-rhel8@sha256:62cd51e00ca635ea41ae24b522c67b90299ce5914d72b4e89343f8eb3a8248d6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/submariner-gateway-rhel8@sha256:62cd51e00ca635ea41ae24b522c67b90299ce5914d72b4e89343f8eb3a8248d6?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/submariner-gateway-rhel8\u0026tag=v0.14.1-7"
}
}
},
{
"category": "product_version",
"name": "rhacm2/submariner-globalnet-rhel8@sha256:edbd6157d552db94cc6edba05f4a0341e5f98849d26225dbd301da4a103c67f2_ppc64le",
"product": {
"name": "rhacm2/submariner-globalnet-rhel8@sha256:edbd6157d552db94cc6edba05f4a0341e5f98849d26225dbd301da4a103c67f2_ppc64le",
"product_id": "rhacm2/submariner-globalnet-rhel8@sha256:edbd6157d552db94cc6edba05f4a0341e5f98849d26225dbd301da4a103c67f2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/submariner-globalnet-rhel8@sha256:edbd6157d552db94cc6edba05f4a0341e5f98849d26225dbd301da4a103c67f2?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/submariner-globalnet-rhel8\u0026tag=v0.14.1-10"
}
}
},
{
"category": "product_version",
"name": "rhacm2/submariner-networkplugin-syncer-rhel8@sha256:98e572c91453a607b140421d5711ff9c2f0ce1a0999243868280fcb667e7632c_ppc64le",
"product": {
"name": "rhacm2/submariner-networkplugin-syncer-rhel8@sha256:98e572c91453a607b140421d5711ff9c2f0ce1a0999243868280fcb667e7632c_ppc64le",
"product_id": "rhacm2/submariner-networkplugin-syncer-rhel8@sha256:98e572c91453a607b140421d5711ff9c2f0ce1a0999243868280fcb667e7632c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/submariner-networkplugin-syncer-rhel8@sha256:98e572c91453a607b140421d5711ff9c2f0ce1a0999243868280fcb667e7632c?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/submariner-networkplugin-syncer-rhel8\u0026tag=v0.14.1-7"
}
}
},
{
"category": "product_version",
"name": "rhacm2/submariner-operator-bundle@sha256:5fd5a4910c4997a182ccb786fd22cf213bd651d0e14eb1645a150045bc47a779_ppc64le",
"product": {
"name": "rhacm2/submariner-operator-bundle@sha256:5fd5a4910c4997a182ccb786fd22cf213bd651d0e14eb1645a150045bc47a779_ppc64le",
"product_id": "rhacm2/submariner-operator-bundle@sha256:5fd5a4910c4997a182ccb786fd22cf213bd651d0e14eb1645a150045bc47a779_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/submariner-operator-bundle@sha256:5fd5a4910c4997a182ccb786fd22cf213bd651d0e14eb1645a150045bc47a779?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/submariner-operator-bundle\u0026tag=v0.14.1-16"
}
}
},
{
"category": "product_version",
"name": "rhacm2/submariner-rhel8-operator@sha256:727ac19ec8bbeed1a13b2ee09fe075a305c3fc3f568cfe40b499321a94061e50_ppc64le",
"product": {
"name": "rhacm2/submariner-rhel8-operator@sha256:727ac19ec8bbeed1a13b2ee09fe075a305c3fc3f568cfe40b499321a94061e50_ppc64le",
"product_id": "rhacm2/submariner-rhel8-operator@sha256:727ac19ec8bbeed1a13b2ee09fe075a305c3fc3f568cfe40b499321a94061e50_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/submariner-rhel8-operator@sha256:727ac19ec8bbeed1a13b2ee09fe075a305c3fc3f568cfe40b499321a94061e50?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/submariner-rhel8-operator\u0026tag=v0.14.1-9"
}
}
},
{
"category": "product_version",
"name": "rhacm2/submariner-route-agent-rhel8@sha256:cdb405309b67640fe75ec802c5f3793b55217044f527c611b5155d6799b2e666_ppc64le",
"product": {
"name": "rhacm2/submariner-route-agent-rhel8@sha256:cdb405309b67640fe75ec802c5f3793b55217044f527c611b5155d6799b2e666_ppc64le",
"product_id": "rhacm2/submariner-route-agent-rhel8@sha256:cdb405309b67640fe75ec802c5f3793b55217044f527c611b5155d6799b2e666_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/submariner-route-agent-rhel8@sha256:cdb405309b67640fe75ec802c5f3793b55217044f527c611b5155d6799b2e666?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/submariner-route-agent-rhel8\u0026tag=v0.14.1-7"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhacm2/lighthouse-agent-rhel8@sha256:3889ac37818edf1a73a78b21117f21e03e6c5d04afce4e087df0915d29f7ae0b_arm64",
"product": {
"name": "rhacm2/lighthouse-agent-rhel8@sha256:3889ac37818edf1a73a78b21117f21e03e6c5d04afce4e087df0915d29f7ae0b_arm64",
"product_id": "rhacm2/lighthouse-agent-rhel8@sha256:3889ac37818edf1a73a78b21117f21e03e6c5d04afce4e087df0915d29f7ae0b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-agent-rhel8@sha256:3889ac37818edf1a73a78b21117f21e03e6c5d04afce4e087df0915d29f7ae0b?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-agent-rhel8\u0026tag=v0.14.1-7"
}
}
},
{
"category": "product_version",
"name": "rhacm2/lighthouse-coredns-rhel8@sha256:ed7b1d9eaa0fb5395b579214fcbb8c6c9f47147711affed6c40a9ea76e3ec5cc_arm64",
"product": {
"name": "rhacm2/lighthouse-coredns-rhel8@sha256:ed7b1d9eaa0fb5395b579214fcbb8c6c9f47147711affed6c40a9ea76e3ec5cc_arm64",
"product_id": "rhacm2/lighthouse-coredns-rhel8@sha256:ed7b1d9eaa0fb5395b579214fcbb8c6c9f47147711affed6c40a9ea76e3ec5cc_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-coredns-rhel8@sha256:ed7b1d9eaa0fb5395b579214fcbb8c6c9f47147711affed6c40a9ea76e3ec5cc?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-coredns-rhel8\u0026tag=v0.14.1-7"
}
}
},
{
"category": "product_version",
"name": "rhacm2/nettest-rhel8@sha256:21280d682e06e920a6620e823ff873dd7f26bcdf1f5e6afeaea33bd17fc90b32_arm64",
"product": {
"name": "rhacm2/nettest-rhel8@sha256:21280d682e06e920a6620e823ff873dd7f26bcdf1f5e6afeaea33bd17fc90b32_arm64",
"product_id": "rhacm2/nettest-rhel8@sha256:21280d682e06e920a6620e823ff873dd7f26bcdf1f5e6afeaea33bd17fc90b32_arm64",
"product_identification_helper": {
"purl": "pkg:oci/nettest-rhel8@sha256:21280d682e06e920a6620e823ff873dd7f26bcdf1f5e6afeaea33bd17fc90b32?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/nettest-rhel8\u0026tag=v0.14.1-7"
}
}
},
{
"category": "product_version",
"name": "rhacm2/subctl-rhel8@sha256:1dfa9cbde516c58a7889fa6765a2dedeeb1f5ca4a8bbae6073e0c5f030bb973d_arm64",
"product": {
"name": "rhacm2/subctl-rhel8@sha256:1dfa9cbde516c58a7889fa6765a2dedeeb1f5ca4a8bbae6073e0c5f030bb973d_arm64",
"product_id": "rhacm2/subctl-rhel8@sha256:1dfa9cbde516c58a7889fa6765a2dedeeb1f5ca4a8bbae6073e0c5f030bb973d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/subctl-rhel8@sha256:1dfa9cbde516c58a7889fa6765a2dedeeb1f5ca4a8bbae6073e0c5f030bb973d?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/subctl-rhel8\u0026tag=v0.14.1-10"
}
}
},
{
"category": "product_version",
"name": "rhacm2/submariner-gateway-rhel8@sha256:e9157a51b02b5ba0e44f1e25bf96c7ea950ba6576935ea6be0a3b14781bc0a37_arm64",
"product": {
"name": "rhacm2/submariner-gateway-rhel8@sha256:e9157a51b02b5ba0e44f1e25bf96c7ea950ba6576935ea6be0a3b14781bc0a37_arm64",
"product_id": "rhacm2/submariner-gateway-rhel8@sha256:e9157a51b02b5ba0e44f1e25bf96c7ea950ba6576935ea6be0a3b14781bc0a37_arm64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-gateway-rhel8@sha256:e9157a51b02b5ba0e44f1e25bf96c7ea950ba6576935ea6be0a3b14781bc0a37?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/submariner-gateway-rhel8\u0026tag=v0.14.1-7"
}
}
},
{
"category": "product_version",
"name": "rhacm2/submariner-globalnet-rhel8@sha256:5924cc9a8092d6282afca8f4cdcbfd8c8fb7c5cafd86a69537b2fd619824f184_arm64",
"product": {
"name": "rhacm2/submariner-globalnet-rhel8@sha256:5924cc9a8092d6282afca8f4cdcbfd8c8fb7c5cafd86a69537b2fd619824f184_arm64",
"product_id": "rhacm2/submariner-globalnet-rhel8@sha256:5924cc9a8092d6282afca8f4cdcbfd8c8fb7c5cafd86a69537b2fd619824f184_arm64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-globalnet-rhel8@sha256:5924cc9a8092d6282afca8f4cdcbfd8c8fb7c5cafd86a69537b2fd619824f184?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/submariner-globalnet-rhel8\u0026tag=v0.14.1-10"
}
}
},
{
"category": "product_version",
"name": "rhacm2/submariner-networkplugin-syncer-rhel8@sha256:5d65182dd2cafc18c987f1ef9ed16b1ddffe1deef4070e821a6eeb33b1752b6e_arm64",
"product": {
"name": "rhacm2/submariner-networkplugin-syncer-rhel8@sha256:5d65182dd2cafc18c987f1ef9ed16b1ddffe1deef4070e821a6eeb33b1752b6e_arm64",
"product_id": "rhacm2/submariner-networkplugin-syncer-rhel8@sha256:5d65182dd2cafc18c987f1ef9ed16b1ddffe1deef4070e821a6eeb33b1752b6e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-networkplugin-syncer-rhel8@sha256:5d65182dd2cafc18c987f1ef9ed16b1ddffe1deef4070e821a6eeb33b1752b6e?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/submariner-networkplugin-syncer-rhel8\u0026tag=v0.14.1-7"
}
}
},
{
"category": "product_version",
"name": "rhacm2/submariner-operator-bundle@sha256:9f145c2eabacbcfa25a172a6de2516ad4a9e513c3d67b205e9a7e7069e8e4d4a_arm64",
"product": {
"name": "rhacm2/submariner-operator-bundle@sha256:9f145c2eabacbcfa25a172a6de2516ad4a9e513c3d67b205e9a7e7069e8e4d4a_arm64",
"product_id": "rhacm2/submariner-operator-bundle@sha256:9f145c2eabacbcfa25a172a6de2516ad4a9e513c3d67b205e9a7e7069e8e4d4a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-operator-bundle@sha256:9f145c2eabacbcfa25a172a6de2516ad4a9e513c3d67b205e9a7e7069e8e4d4a?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/submariner-operator-bundle\u0026tag=v0.14.1-16"
}
}
},
{
"category": "product_version",
"name": "rhacm2/submariner-rhel8-operator@sha256:c643fc44d3af4c3fd8671af2378bef068796fe98669b71579e50c154f2337b92_arm64",
"product": {
"name": "rhacm2/submariner-rhel8-operator@sha256:c643fc44d3af4c3fd8671af2378bef068796fe98669b71579e50c154f2337b92_arm64",
"product_id": "rhacm2/submariner-rhel8-operator@sha256:c643fc44d3af4c3fd8671af2378bef068796fe98669b71579e50c154f2337b92_arm64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-rhel8-operator@sha256:c643fc44d3af4c3fd8671af2378bef068796fe98669b71579e50c154f2337b92?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/submariner-rhel8-operator\u0026tag=v0.14.1-9"
}
}
},
{
"category": "product_version",
"name": "rhacm2/submariner-route-agent-rhel8@sha256:5a3456edbe7796c9570bb01c6e720f4c32ba6e0a5051d0282f5b0db67fd8ea2c_arm64",
"product": {
"name": "rhacm2/submariner-route-agent-rhel8@sha256:5a3456edbe7796c9570bb01c6e720f4c32ba6e0a5051d0282f5b0db67fd8ea2c_arm64",
"product_id": "rhacm2/submariner-route-agent-rhel8@sha256:5a3456edbe7796c9570bb01c6e720f4c32ba6e0a5051d0282f5b0db67fd8ea2c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-route-agent-rhel8@sha256:5a3456edbe7796c9570bb01c6e720f4c32ba6e0a5051d0282f5b0db67fd8ea2c?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/submariner-route-agent-rhel8\u0026tag=v0.14.1-7"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhacm2/lighthouse-agent-rhel8@sha256:61504950ebe4601f60431611d6edcb825cf07781490dec3cf8dedf77c8bb3bc5_s390x",
"product": {
"name": "rhacm2/lighthouse-agent-rhel8@sha256:61504950ebe4601f60431611d6edcb825cf07781490dec3cf8dedf77c8bb3bc5_s390x",
"product_id": "rhacm2/lighthouse-agent-rhel8@sha256:61504950ebe4601f60431611d6edcb825cf07781490dec3cf8dedf77c8bb3bc5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-agent-rhel8@sha256:61504950ebe4601f60431611d6edcb825cf07781490dec3cf8dedf77c8bb3bc5?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-agent-rhel8\u0026tag=v0.14.1-7"
}
}
},
{
"category": "product_version",
"name": "rhacm2/lighthouse-coredns-rhel8@sha256:dbe8522519a073ed4620886586b4d0b467f1383d35b42ee779b60fc4733abe53_s390x",
"product": {
"name": "rhacm2/lighthouse-coredns-rhel8@sha256:dbe8522519a073ed4620886586b4d0b467f1383d35b42ee779b60fc4733abe53_s390x",
"product_id": "rhacm2/lighthouse-coredns-rhel8@sha256:dbe8522519a073ed4620886586b4d0b467f1383d35b42ee779b60fc4733abe53_s390x",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-coredns-rhel8@sha256:dbe8522519a073ed4620886586b4d0b467f1383d35b42ee779b60fc4733abe53?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-coredns-rhel8\u0026tag=v0.14.1-7"
}
}
},
{
"category": "product_version",
"name": "rhacm2/nettest-rhel8@sha256:fbfda748f9522137e99a91b4961ad2fb4e582256f1f25fb5f16d498f67dc99d8_s390x",
"product": {
"name": "rhacm2/nettest-rhel8@sha256:fbfda748f9522137e99a91b4961ad2fb4e582256f1f25fb5f16d498f67dc99d8_s390x",
"product_id": "rhacm2/nettest-rhel8@sha256:fbfda748f9522137e99a91b4961ad2fb4e582256f1f25fb5f16d498f67dc99d8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/nettest-rhel8@sha256:fbfda748f9522137e99a91b4961ad2fb4e582256f1f25fb5f16d498f67dc99d8?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/nettest-rhel8\u0026tag=v0.14.1-7"
}
}
},
{
"category": "product_version",
"name": "rhacm2/subctl-rhel8@sha256:434c03429e8e8dc873f6f33c0091e8ae549945a7c9804c501cdd4e037fddda1d_s390x",
"product": {
"name": "rhacm2/subctl-rhel8@sha256:434c03429e8e8dc873f6f33c0091e8ae549945a7c9804c501cdd4e037fddda1d_s390x",
"product_id": "rhacm2/subctl-rhel8@sha256:434c03429e8e8dc873f6f33c0091e8ae549945a7c9804c501cdd4e037fddda1d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/subctl-rhel8@sha256:434c03429e8e8dc873f6f33c0091e8ae549945a7c9804c501cdd4e037fddda1d?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/subctl-rhel8\u0026tag=v0.14.1-10"
}
}
},
{
"category": "product_version",
"name": "rhacm2/submariner-gateway-rhel8@sha256:f937e339d6e3639faefecb07a91e065fd8417ddd7d094c325463719e007f56db_s390x",
"product": {
"name": "rhacm2/submariner-gateway-rhel8@sha256:f937e339d6e3639faefecb07a91e065fd8417ddd7d094c325463719e007f56db_s390x",
"product_id": "rhacm2/submariner-gateway-rhel8@sha256:f937e339d6e3639faefecb07a91e065fd8417ddd7d094c325463719e007f56db_s390x",
"product_identification_helper": {
"purl": "pkg:oci/submariner-gateway-rhel8@sha256:f937e339d6e3639faefecb07a91e065fd8417ddd7d094c325463719e007f56db?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/submariner-gateway-rhel8\u0026tag=v0.14.1-7"
}
}
},
{
"category": "product_version",
"name": "rhacm2/submariner-globalnet-rhel8@sha256:7fca711199f677e53818bc75001ba8f327d3f0f3e322c11c6a187a2cfb41a9af_s390x",
"product": {
"name": "rhacm2/submariner-globalnet-rhel8@sha256:7fca711199f677e53818bc75001ba8f327d3f0f3e322c11c6a187a2cfb41a9af_s390x",
"product_id": "rhacm2/submariner-globalnet-rhel8@sha256:7fca711199f677e53818bc75001ba8f327d3f0f3e322c11c6a187a2cfb41a9af_s390x",
"product_identification_helper": {
"purl": "pkg:oci/submariner-globalnet-rhel8@sha256:7fca711199f677e53818bc75001ba8f327d3f0f3e322c11c6a187a2cfb41a9af?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/submariner-globalnet-rhel8\u0026tag=v0.14.1-10"
}
}
},
{
"category": "product_version",
"name": "rhacm2/submariner-networkplugin-syncer-rhel8@sha256:b9444ac6e5099190de999300a06a3f2f91f01c569a83ca7ff1cfbc40a2b72174_s390x",
"product": {
"name": "rhacm2/submariner-networkplugin-syncer-rhel8@sha256:b9444ac6e5099190de999300a06a3f2f91f01c569a83ca7ff1cfbc40a2b72174_s390x",
"product_id": "rhacm2/submariner-networkplugin-syncer-rhel8@sha256:b9444ac6e5099190de999300a06a3f2f91f01c569a83ca7ff1cfbc40a2b72174_s390x",
"product_identification_helper": {
"purl": "pkg:oci/submariner-networkplugin-syncer-rhel8@sha256:b9444ac6e5099190de999300a06a3f2f91f01c569a83ca7ff1cfbc40a2b72174?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/submariner-networkplugin-syncer-rhel8\u0026tag=v0.14.1-7"
}
}
},
{
"category": "product_version",
"name": "rhacm2/submariner-operator-bundle@sha256:87b55b71c541c1edbe454185d728490eb39529d2b83f8e6c8443d334f9f81f3b_s390x",
"product": {
"name": "rhacm2/submariner-operator-bundle@sha256:87b55b71c541c1edbe454185d728490eb39529d2b83f8e6c8443d334f9f81f3b_s390x",
"product_id": "rhacm2/submariner-operator-bundle@sha256:87b55b71c541c1edbe454185d728490eb39529d2b83f8e6c8443d334f9f81f3b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/submariner-operator-bundle@sha256:87b55b71c541c1edbe454185d728490eb39529d2b83f8e6c8443d334f9f81f3b?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/submariner-operator-bundle\u0026tag=v0.14.1-16"
}
}
},
{
"category": "product_version",
"name": "rhacm2/submariner-rhel8-operator@sha256:c0e26f8db9a5c0691185f80e6dcdd86d6a57c61e4066fdfd10eb8e31bed1469e_s390x",
"product": {
"name": "rhacm2/submariner-rhel8-operator@sha256:c0e26f8db9a5c0691185f80e6dcdd86d6a57c61e4066fdfd10eb8e31bed1469e_s390x",
"product_id": "rhacm2/submariner-rhel8-operator@sha256:c0e26f8db9a5c0691185f80e6dcdd86d6a57c61e4066fdfd10eb8e31bed1469e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/submariner-rhel8-operator@sha256:c0e26f8db9a5c0691185f80e6dcdd86d6a57c61e4066fdfd10eb8e31bed1469e?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/submariner-rhel8-operator\u0026tag=v0.14.1-9"
}
}
},
{
"category": "product_version",
"name": "rhacm2/submariner-route-agent-rhel8@sha256:efa917cc9518c1c15ae18d290b5bd4442afcacfcd7017c4e3470c3ce87ec6da5_s390x",
"product": {
"name": "rhacm2/submariner-route-agent-rhel8@sha256:efa917cc9518c1c15ae18d290b5bd4442afcacfcd7017c4e3470c3ce87ec6da5_s390x",
"product_id": "rhacm2/submariner-route-agent-rhel8@sha256:efa917cc9518c1c15ae18d290b5bd4442afcacfcd7017c4e3470c3ce87ec6da5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/submariner-route-agent-rhel8@sha256:efa917cc9518c1c15ae18d290b5bd4442afcacfcd7017c4e3470c3ce87ec6da5?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/submariner-route-agent-rhel8\u0026tag=v0.14.1-7"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rhacm2/lighthouse-agent-rhel8@sha256:9b75b42c8b9cfb029e76b806e8eb9dc3178a76e358abf7a5ea56b50503f9b6e6_amd64",
"product": {
"name": "rhacm2/lighthouse-agent-rhel8@sha256:9b75b42c8b9cfb029e76b806e8eb9dc3178a76e358abf7a5ea56b50503f9b6e6_amd64",
"product_id": "rhacm2/lighthouse-agent-rhel8@sha256:9b75b42c8b9cfb029e76b806e8eb9dc3178a76e358abf7a5ea56b50503f9b6e6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-agent-rhel8@sha256:9b75b42c8b9cfb029e76b806e8eb9dc3178a76e358abf7a5ea56b50503f9b6e6?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-agent-rhel8\u0026tag=v0.14.1-7"
}
}
},
{
"category": "product_version",
"name": "rhacm2/lighthouse-coredns-rhel8@sha256:323319be40279b7c001bda0a7eae67b5662c1e7c9a9621a9ce9ec66b32ee4bbc_amd64",
"product": {
"name": "rhacm2/lighthouse-coredns-rhel8@sha256:323319be40279b7c001bda0a7eae67b5662c1e7c9a9621a9ce9ec66b32ee4bbc_amd64",
"product_id": "rhacm2/lighthouse-coredns-rhel8@sha256:323319be40279b7c001bda0a7eae67b5662c1e7c9a9621a9ce9ec66b32ee4bbc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-coredns-rhel8@sha256:323319be40279b7c001bda0a7eae67b5662c1e7c9a9621a9ce9ec66b32ee4bbc?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-coredns-rhel8\u0026tag=v0.14.1-7"
}
}
},
{
"category": "product_version",
"name": "rhacm2/nettest-rhel8@sha256:f2eb14197331ee3fc6a022f17f22ca5b8ee54f76783ffa9e581a0eca5377122e_amd64",
"product": {
"name": "rhacm2/nettest-rhel8@sha256:f2eb14197331ee3fc6a022f17f22ca5b8ee54f76783ffa9e581a0eca5377122e_amd64",
"product_id": "rhacm2/nettest-rhel8@sha256:f2eb14197331ee3fc6a022f17f22ca5b8ee54f76783ffa9e581a0eca5377122e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/nettest-rhel8@sha256:f2eb14197331ee3fc6a022f17f22ca5b8ee54f76783ffa9e581a0eca5377122e?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/nettest-rhel8\u0026tag=v0.14.1-7"
}
}
},
{
"category": "product_version",
"name": "rhacm2/subctl-rhel8@sha256:690f87d67e3a9c63a4a95bf118bcea774d43437c7e68441ea3cfbcd40194c78d_amd64",
"product": {
"name": "rhacm2/subctl-rhel8@sha256:690f87d67e3a9c63a4a95bf118bcea774d43437c7e68441ea3cfbcd40194c78d_amd64",
"product_id": "rhacm2/subctl-rhel8@sha256:690f87d67e3a9c63a4a95bf118bcea774d43437c7e68441ea3cfbcd40194c78d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/subctl-rhel8@sha256:690f87d67e3a9c63a4a95bf118bcea774d43437c7e68441ea3cfbcd40194c78d?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/subctl-rhel8\u0026tag=v0.14.1-10"
}
}
},
{
"category": "product_version",
"name": "rhacm2/submariner-gateway-rhel8@sha256:4feb9fd7fa4da86d7eefbc8b1704cda6f9c9920c1b2903aca7b136532c56c3b9_amd64",
"product": {
"name": "rhacm2/submariner-gateway-rhel8@sha256:4feb9fd7fa4da86d7eefbc8b1704cda6f9c9920c1b2903aca7b136532c56c3b9_amd64",
"product_id": "rhacm2/submariner-gateway-rhel8@sha256:4feb9fd7fa4da86d7eefbc8b1704cda6f9c9920c1b2903aca7b136532c56c3b9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-gateway-rhel8@sha256:4feb9fd7fa4da86d7eefbc8b1704cda6f9c9920c1b2903aca7b136532c56c3b9?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/submariner-gateway-rhel8\u0026tag=v0.14.1-7"
}
}
},
{
"category": "product_version",
"name": "rhacm2/submariner-globalnet-rhel8@sha256:67b56f6fbcb14caae9f1b20513d322deeed666a872ef02b5a73a5cf088183795_amd64",
"product": {
"name": "rhacm2/submariner-globalnet-rhel8@sha256:67b56f6fbcb14caae9f1b20513d322deeed666a872ef02b5a73a5cf088183795_amd64",
"product_id": "rhacm2/submariner-globalnet-rhel8@sha256:67b56f6fbcb14caae9f1b20513d322deeed666a872ef02b5a73a5cf088183795_amd64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-globalnet-rhel8@sha256:67b56f6fbcb14caae9f1b20513d322deeed666a872ef02b5a73a5cf088183795?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/submariner-globalnet-rhel8\u0026tag=v0.14.1-10"
}
}
},
{
"category": "product_version",
"name": "rhacm2/submariner-networkplugin-syncer-rhel8@sha256:f8f3399de2bf019925cc85b89cc85f15049a7b135af97bdcff94aeaac5fe5762_amd64",
"product": {
"name": "rhacm2/submariner-networkplugin-syncer-rhel8@sha256:f8f3399de2bf019925cc85b89cc85f15049a7b135af97bdcff94aeaac5fe5762_amd64",
"product_id": "rhacm2/submariner-networkplugin-syncer-rhel8@sha256:f8f3399de2bf019925cc85b89cc85f15049a7b135af97bdcff94aeaac5fe5762_amd64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-networkplugin-syncer-rhel8@sha256:f8f3399de2bf019925cc85b89cc85f15049a7b135af97bdcff94aeaac5fe5762?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/submariner-networkplugin-syncer-rhel8\u0026tag=v0.14.1-7"
}
}
},
{
"category": "product_version",
"name": "rhacm2/submariner-operator-bundle@sha256:69f061caec1403b1e4f002207a0b8acdc41ada2f9c7f46767648d05672d8c8ca_amd64",
"product": {
"name": "rhacm2/submariner-operator-bundle@sha256:69f061caec1403b1e4f002207a0b8acdc41ada2f9c7f46767648d05672d8c8ca_amd64",
"product_id": "rhacm2/submariner-operator-bundle@sha256:69f061caec1403b1e4f002207a0b8acdc41ada2f9c7f46767648d05672d8c8ca_amd64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-operator-bundle@sha256:69f061caec1403b1e4f002207a0b8acdc41ada2f9c7f46767648d05672d8c8ca?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/submariner-operator-bundle\u0026tag=v0.14.1-16"
}
}
},
{
"category": "product_version",
"name": "rhacm2/submariner-rhel8-operator@sha256:3e054a396afcd57fd953856553f1c9d8f17b68ea9314a7307a9ead51dcb1f5c5_amd64",
"product": {
"name": "rhacm2/submariner-rhel8-operator@sha256:3e054a396afcd57fd953856553f1c9d8f17b68ea9314a7307a9ead51dcb1f5c5_amd64",
"product_id": "rhacm2/submariner-rhel8-operator@sha256:3e054a396afcd57fd953856553f1c9d8f17b68ea9314a7307a9ead51dcb1f5c5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-rhel8-operator@sha256:3e054a396afcd57fd953856553f1c9d8f17b68ea9314a7307a9ead51dcb1f5c5?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/submariner-rhel8-operator\u0026tag=v0.14.1-9"
}
}
},
{
"category": "product_version",
"name": "rhacm2/submariner-route-agent-rhel8@sha256:4818471887484d8bb5ec2801c7fc98ef3cc52139c68f1f95a72ff9b54c124e3c_amd64",
"product": {
"name": "rhacm2/submariner-route-agent-rhel8@sha256:4818471887484d8bb5ec2801c7fc98ef3cc52139c68f1f95a72ff9b54c124e3c_amd64",
"product_id": "rhacm2/submariner-route-agent-rhel8@sha256:4818471887484d8bb5ec2801c7fc98ef3cc52139c68f1f95a72ff9b54c124e3c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-route-agent-rhel8@sha256:4818471887484d8bb5ec2801c7fc98ef3cc52139c68f1f95a72ff9b54c124e3c?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/submariner-route-agent-rhel8\u0026tag=v0.14.1-7"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/lighthouse-agent-rhel8@sha256:135a7d6329ff7accf471f81b7cc235454a8de632d82eff7472769908dee4ea62_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8",
"product_id": "8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:135a7d6329ff7accf471f81b7cc235454a8de632d82eff7472769908dee4ea62_ppc64le"
},
"product_reference": "rhacm2/lighthouse-agent-rhel8@sha256:135a7d6329ff7accf471f81b7cc235454a8de632d82eff7472769908dee4ea62_ppc64le",
"relates_to_product_reference": "8Base-RHACM-2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/lighthouse-agent-rhel8@sha256:3889ac37818edf1a73a78b21117f21e03e6c5d04afce4e087df0915d29f7ae0b_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8",
"product_id": "8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:3889ac37818edf1a73a78b21117f21e03e6c5d04afce4e087df0915d29f7ae0b_arm64"
},
"product_reference": "rhacm2/lighthouse-agent-rhel8@sha256:3889ac37818edf1a73a78b21117f21e03e6c5d04afce4e087df0915d29f7ae0b_arm64",
"relates_to_product_reference": "8Base-RHACM-2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/lighthouse-agent-rhel8@sha256:61504950ebe4601f60431611d6edcb825cf07781490dec3cf8dedf77c8bb3bc5_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8",
"product_id": "8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:61504950ebe4601f60431611d6edcb825cf07781490dec3cf8dedf77c8bb3bc5_s390x"
},
"product_reference": "rhacm2/lighthouse-agent-rhel8@sha256:61504950ebe4601f60431611d6edcb825cf07781490dec3cf8dedf77c8bb3bc5_s390x",
"relates_to_product_reference": "8Base-RHACM-2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/lighthouse-agent-rhel8@sha256:9b75b42c8b9cfb029e76b806e8eb9dc3178a76e358abf7a5ea56b50503f9b6e6_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8",
"product_id": "8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:9b75b42c8b9cfb029e76b806e8eb9dc3178a76e358abf7a5ea56b50503f9b6e6_amd64"
},
"product_reference": "rhacm2/lighthouse-agent-rhel8@sha256:9b75b42c8b9cfb029e76b806e8eb9dc3178a76e358abf7a5ea56b50503f9b6e6_amd64",
"relates_to_product_reference": "8Base-RHACM-2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/lighthouse-coredns-rhel8@sha256:323319be40279b7c001bda0a7eae67b5662c1e7c9a9621a9ce9ec66b32ee4bbc_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8",
"product_id": "8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:323319be40279b7c001bda0a7eae67b5662c1e7c9a9621a9ce9ec66b32ee4bbc_amd64"
},
"product_reference": "rhacm2/lighthouse-coredns-rhel8@sha256:323319be40279b7c001bda0a7eae67b5662c1e7c9a9621a9ce9ec66b32ee4bbc_amd64",
"relates_to_product_reference": "8Base-RHACM-2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/lighthouse-coredns-rhel8@sha256:dbe8522519a073ed4620886586b4d0b467f1383d35b42ee779b60fc4733abe53_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8",
"product_id": "8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:dbe8522519a073ed4620886586b4d0b467f1383d35b42ee779b60fc4733abe53_s390x"
},
"product_reference": "rhacm2/lighthouse-coredns-rhel8@sha256:dbe8522519a073ed4620886586b4d0b467f1383d35b42ee779b60fc4733abe53_s390x",
"relates_to_product_reference": "8Base-RHACM-2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/lighthouse-coredns-rhel8@sha256:e66ef48970b4a4755c1677687508036927717fff47d24864cee09eb169930755_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8",
"product_id": "8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:e66ef48970b4a4755c1677687508036927717fff47d24864cee09eb169930755_ppc64le"
},
"product_reference": "rhacm2/lighthouse-coredns-rhel8@sha256:e66ef48970b4a4755c1677687508036927717fff47d24864cee09eb169930755_ppc64le",
"relates_to_product_reference": "8Base-RHACM-2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/lighthouse-coredns-rhel8@sha256:ed7b1d9eaa0fb5395b579214fcbb8c6c9f47147711affed6c40a9ea76e3ec5cc_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8",
"product_id": "8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:ed7b1d9eaa0fb5395b579214fcbb8c6c9f47147711affed6c40a9ea76e3ec5cc_arm64"
},
"product_reference": "rhacm2/lighthouse-coredns-rhel8@sha256:ed7b1d9eaa0fb5395b579214fcbb8c6c9f47147711affed6c40a9ea76e3ec5cc_arm64",
"relates_to_product_reference": "8Base-RHACM-2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/nettest-rhel8@sha256:21280d682e06e920a6620e823ff873dd7f26bcdf1f5e6afeaea33bd17fc90b32_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8",
"product_id": "8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:21280d682e06e920a6620e823ff873dd7f26bcdf1f5e6afeaea33bd17fc90b32_arm64"
},
"product_reference": "rhacm2/nettest-rhel8@sha256:21280d682e06e920a6620e823ff873dd7f26bcdf1f5e6afeaea33bd17fc90b32_arm64",
"relates_to_product_reference": "8Base-RHACM-2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/nettest-rhel8@sha256:80ecc8810042471f15091d785dc7c34cdb0afa7c845784c0a40a82244c51f132_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8",
"product_id": "8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:80ecc8810042471f15091d785dc7c34cdb0afa7c845784c0a40a82244c51f132_ppc64le"
},
"product_reference": "rhacm2/nettest-rhel8@sha256:80ecc8810042471f15091d785dc7c34cdb0afa7c845784c0a40a82244c51f132_ppc64le",
"relates_to_product_reference": "8Base-RHACM-2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/nettest-rhel8@sha256:f2eb14197331ee3fc6a022f17f22ca5b8ee54f76783ffa9e581a0eca5377122e_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8",
"product_id": "8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:f2eb14197331ee3fc6a022f17f22ca5b8ee54f76783ffa9e581a0eca5377122e_amd64"
},
"product_reference": "rhacm2/nettest-rhel8@sha256:f2eb14197331ee3fc6a022f17f22ca5b8ee54f76783ffa9e581a0eca5377122e_amd64",
"relates_to_product_reference": "8Base-RHACM-2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/nettest-rhel8@sha256:fbfda748f9522137e99a91b4961ad2fb4e582256f1f25fb5f16d498f67dc99d8_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8",
"product_id": "8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:fbfda748f9522137e99a91b4961ad2fb4e582256f1f25fb5f16d498f67dc99d8_s390x"
},
"product_reference": "rhacm2/nettest-rhel8@sha256:fbfda748f9522137e99a91b4961ad2fb4e582256f1f25fb5f16d498f67dc99d8_s390x",
"relates_to_product_reference": "8Base-RHACM-2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/subctl-rhel8@sha256:1dfa9cbde516c58a7889fa6765a2dedeeb1f5ca4a8bbae6073e0c5f030bb973d_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8",
"product_id": "8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:1dfa9cbde516c58a7889fa6765a2dedeeb1f5ca4a8bbae6073e0c5f030bb973d_arm64"
},
"product_reference": "rhacm2/subctl-rhel8@sha256:1dfa9cbde516c58a7889fa6765a2dedeeb1f5ca4a8bbae6073e0c5f030bb973d_arm64",
"relates_to_product_reference": "8Base-RHACM-2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/subctl-rhel8@sha256:434c03429e8e8dc873f6f33c0091e8ae549945a7c9804c501cdd4e037fddda1d_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8",
"product_id": "8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:434c03429e8e8dc873f6f33c0091e8ae549945a7c9804c501cdd4e037fddda1d_s390x"
},
"product_reference": "rhacm2/subctl-rhel8@sha256:434c03429e8e8dc873f6f33c0091e8ae549945a7c9804c501cdd4e037fddda1d_s390x",
"relates_to_product_reference": "8Base-RHACM-2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/subctl-rhel8@sha256:690f87d67e3a9c63a4a95bf118bcea774d43437c7e68441ea3cfbcd40194c78d_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8",
"product_id": "8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:690f87d67e3a9c63a4a95bf118bcea774d43437c7e68441ea3cfbcd40194c78d_amd64"
},
"product_reference": "rhacm2/subctl-rhel8@sha256:690f87d67e3a9c63a4a95bf118bcea774d43437c7e68441ea3cfbcd40194c78d_amd64",
"relates_to_product_reference": "8Base-RHACM-2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/subctl-rhel8@sha256:985b34c33af8f50a10f3f6f0056b2ff6baad2f5e152df45382d3f23048e901c7_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8",
"product_id": "8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:985b34c33af8f50a10f3f6f0056b2ff6baad2f5e152df45382d3f23048e901c7_ppc64le"
},
"product_reference": "rhacm2/subctl-rhel8@sha256:985b34c33af8f50a10f3f6f0056b2ff6baad2f5e152df45382d3f23048e901c7_ppc64le",
"relates_to_product_reference": "8Base-RHACM-2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/submariner-gateway-rhel8@sha256:4feb9fd7fa4da86d7eefbc8b1704cda6f9c9920c1b2903aca7b136532c56c3b9_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8",
"product_id": "8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:4feb9fd7fa4da86d7eefbc8b1704cda6f9c9920c1b2903aca7b136532c56c3b9_amd64"
},
"product_reference": "rhacm2/submariner-gateway-rhel8@sha256:4feb9fd7fa4da86d7eefbc8b1704cda6f9c9920c1b2903aca7b136532c56c3b9_amd64",
"relates_to_product_reference": "8Base-RHACM-2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/submariner-gateway-rhel8@sha256:62cd51e00ca635ea41ae24b522c67b90299ce5914d72b4e89343f8eb3a8248d6_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8",
"product_id": "8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:62cd51e00ca635ea41ae24b522c67b90299ce5914d72b4e89343f8eb3a8248d6_ppc64le"
},
"product_reference": "rhacm2/submariner-gateway-rhel8@sha256:62cd51e00ca635ea41ae24b522c67b90299ce5914d72b4e89343f8eb3a8248d6_ppc64le",
"relates_to_product_reference": "8Base-RHACM-2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/submariner-gateway-rhel8@sha256:e9157a51b02b5ba0e44f1e25bf96c7ea950ba6576935ea6be0a3b14781bc0a37_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8",
"product_id": "8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:e9157a51b02b5ba0e44f1e25bf96c7ea950ba6576935ea6be0a3b14781bc0a37_arm64"
},
"product_reference": "rhacm2/submariner-gateway-rhel8@sha256:e9157a51b02b5ba0e44f1e25bf96c7ea950ba6576935ea6be0a3b14781bc0a37_arm64",
"relates_to_product_reference": "8Base-RHACM-2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/submariner-gateway-rhel8@sha256:f937e339d6e3639faefecb07a91e065fd8417ddd7d094c325463719e007f56db_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8",
"product_id": "8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:f937e339d6e3639faefecb07a91e065fd8417ddd7d094c325463719e007f56db_s390x"
},
"product_reference": "rhacm2/submariner-gateway-rhel8@sha256:f937e339d6e3639faefecb07a91e065fd8417ddd7d094c325463719e007f56db_s390x",
"relates_to_product_reference": "8Base-RHACM-2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/submariner-globalnet-rhel8@sha256:5924cc9a8092d6282afca8f4cdcbfd8c8fb7c5cafd86a69537b2fd619824f184_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8",
"product_id": "8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:5924cc9a8092d6282afca8f4cdcbfd8c8fb7c5cafd86a69537b2fd619824f184_arm64"
},
"product_reference": "rhacm2/submariner-globalnet-rhel8@sha256:5924cc9a8092d6282afca8f4cdcbfd8c8fb7c5cafd86a69537b2fd619824f184_arm64",
"relates_to_product_reference": "8Base-RHACM-2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/submariner-globalnet-rhel8@sha256:67b56f6fbcb14caae9f1b20513d322deeed666a872ef02b5a73a5cf088183795_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8",
"product_id": "8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:67b56f6fbcb14caae9f1b20513d322deeed666a872ef02b5a73a5cf088183795_amd64"
},
"product_reference": "rhacm2/submariner-globalnet-rhel8@sha256:67b56f6fbcb14caae9f1b20513d322deeed666a872ef02b5a73a5cf088183795_amd64",
"relates_to_product_reference": "8Base-RHACM-2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/submariner-globalnet-rhel8@sha256:7fca711199f677e53818bc75001ba8f327d3f0f3e322c11c6a187a2cfb41a9af_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8",
"product_id": "8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:7fca711199f677e53818bc75001ba8f327d3f0f3e322c11c6a187a2cfb41a9af_s390x"
},
"product_reference": "rhacm2/submariner-globalnet-rhel8@sha256:7fca711199f677e53818bc75001ba8f327d3f0f3e322c11c6a187a2cfb41a9af_s390x",
"relates_to_product_reference": "8Base-RHACM-2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/submariner-globalnet-rhel8@sha256:edbd6157d552db94cc6edba05f4a0341e5f98849d26225dbd301da4a103c67f2_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8",
"product_id": "8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:edbd6157d552db94cc6edba05f4a0341e5f98849d26225dbd301da4a103c67f2_ppc64le"
},
"product_reference": "rhacm2/submariner-globalnet-rhel8@sha256:edbd6157d552db94cc6edba05f4a0341e5f98849d26225dbd301da4a103c67f2_ppc64le",
"relates_to_product_reference": "8Base-RHACM-2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/submariner-networkplugin-syncer-rhel8@sha256:5d65182dd2cafc18c987f1ef9ed16b1ddffe1deef4070e821a6eeb33b1752b6e_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8",
"product_id": "8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:5d65182dd2cafc18c987f1ef9ed16b1ddffe1deef4070e821a6eeb33b1752b6e_arm64"
},
"product_reference": "rhacm2/submariner-networkplugin-syncer-rhel8@sha256:5d65182dd2cafc18c987f1ef9ed16b1ddffe1deef4070e821a6eeb33b1752b6e_arm64",
"relates_to_product_reference": "8Base-RHACM-2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/submariner-networkplugin-syncer-rhel8@sha256:98e572c91453a607b140421d5711ff9c2f0ce1a0999243868280fcb667e7632c_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8",
"product_id": "8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:98e572c91453a607b140421d5711ff9c2f0ce1a0999243868280fcb667e7632c_ppc64le"
},
"product_reference": "rhacm2/submariner-networkplugin-syncer-rhel8@sha256:98e572c91453a607b140421d5711ff9c2f0ce1a0999243868280fcb667e7632c_ppc64le",
"relates_to_product_reference": "8Base-RHACM-2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/submariner-networkplugin-syncer-rhel8@sha256:b9444ac6e5099190de999300a06a3f2f91f01c569a83ca7ff1cfbc40a2b72174_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8",
"product_id": "8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:b9444ac6e5099190de999300a06a3f2f91f01c569a83ca7ff1cfbc40a2b72174_s390x"
},
"product_reference": "rhacm2/submariner-networkplugin-syncer-rhel8@sha256:b9444ac6e5099190de999300a06a3f2f91f01c569a83ca7ff1cfbc40a2b72174_s390x",
"relates_to_product_reference": "8Base-RHACM-2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/submariner-networkplugin-syncer-rhel8@sha256:f8f3399de2bf019925cc85b89cc85f15049a7b135af97bdcff94aeaac5fe5762_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8",
"product_id": "8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:f8f3399de2bf019925cc85b89cc85f15049a7b135af97bdcff94aeaac5fe5762_amd64"
},
"product_reference": "rhacm2/submariner-networkplugin-syncer-rhel8@sha256:f8f3399de2bf019925cc85b89cc85f15049a7b135af97bdcff94aeaac5fe5762_amd64",
"relates_to_product_reference": "8Base-RHACM-2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/submariner-operator-bundle@sha256:5fd5a4910c4997a182ccb786fd22cf213bd651d0e14eb1645a150045bc47a779_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8",
"product_id": "8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:5fd5a4910c4997a182ccb786fd22cf213bd651d0e14eb1645a150045bc47a779_ppc64le"
},
"product_reference": "rhacm2/submariner-operator-bundle@sha256:5fd5a4910c4997a182ccb786fd22cf213bd651d0e14eb1645a150045bc47a779_ppc64le",
"relates_to_product_reference": "8Base-RHACM-2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/submariner-operator-bundle@sha256:69f061caec1403b1e4f002207a0b8acdc41ada2f9c7f46767648d05672d8c8ca_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8",
"product_id": "8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:69f061caec1403b1e4f002207a0b8acdc41ada2f9c7f46767648d05672d8c8ca_amd64"
},
"product_reference": "rhacm2/submariner-operator-bundle@sha256:69f061caec1403b1e4f002207a0b8acdc41ada2f9c7f46767648d05672d8c8ca_amd64",
"relates_to_product_reference": "8Base-RHACM-2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/submariner-operator-bundle@sha256:87b55b71c541c1edbe454185d728490eb39529d2b83f8e6c8443d334f9f81f3b_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8",
"product_id": "8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:87b55b71c541c1edbe454185d728490eb39529d2b83f8e6c8443d334f9f81f3b_s390x"
},
"product_reference": "rhacm2/submariner-operator-bundle@sha256:87b55b71c541c1edbe454185d728490eb39529d2b83f8e6c8443d334f9f81f3b_s390x",
"relates_to_product_reference": "8Base-RHACM-2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/submariner-operator-bundle@sha256:9f145c2eabacbcfa25a172a6de2516ad4a9e513c3d67b205e9a7e7069e8e4d4a_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8",
"product_id": "8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:9f145c2eabacbcfa25a172a6de2516ad4a9e513c3d67b205e9a7e7069e8e4d4a_arm64"
},
"product_reference": "rhacm2/submariner-operator-bundle@sha256:9f145c2eabacbcfa25a172a6de2516ad4a9e513c3d67b205e9a7e7069e8e4d4a_arm64",
"relates_to_product_reference": "8Base-RHACM-2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/submariner-rhel8-operator@sha256:3e054a396afcd57fd953856553f1c9d8f17b68ea9314a7307a9ead51dcb1f5c5_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8",
"product_id": "8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:3e054a396afcd57fd953856553f1c9d8f17b68ea9314a7307a9ead51dcb1f5c5_amd64"
},
"product_reference": "rhacm2/submariner-rhel8-operator@sha256:3e054a396afcd57fd953856553f1c9d8f17b68ea9314a7307a9ead51dcb1f5c5_amd64",
"relates_to_product_reference": "8Base-RHACM-2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/submariner-rhel8-operator@sha256:727ac19ec8bbeed1a13b2ee09fe075a305c3fc3f568cfe40b499321a94061e50_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8",
"product_id": "8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:727ac19ec8bbeed1a13b2ee09fe075a305c3fc3f568cfe40b499321a94061e50_ppc64le"
},
"product_reference": "rhacm2/submariner-rhel8-operator@sha256:727ac19ec8bbeed1a13b2ee09fe075a305c3fc3f568cfe40b499321a94061e50_ppc64le",
"relates_to_product_reference": "8Base-RHACM-2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/submariner-rhel8-operator@sha256:c0e26f8db9a5c0691185f80e6dcdd86d6a57c61e4066fdfd10eb8e31bed1469e_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8",
"product_id": "8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:c0e26f8db9a5c0691185f80e6dcdd86d6a57c61e4066fdfd10eb8e31bed1469e_s390x"
},
"product_reference": "rhacm2/submariner-rhel8-operator@sha256:c0e26f8db9a5c0691185f80e6dcdd86d6a57c61e4066fdfd10eb8e31bed1469e_s390x",
"relates_to_product_reference": "8Base-RHACM-2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/submariner-rhel8-operator@sha256:c643fc44d3af4c3fd8671af2378bef068796fe98669b71579e50c154f2337b92_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8",
"product_id": "8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:c643fc44d3af4c3fd8671af2378bef068796fe98669b71579e50c154f2337b92_arm64"
},
"product_reference": "rhacm2/submariner-rhel8-operator@sha256:c643fc44d3af4c3fd8671af2378bef068796fe98669b71579e50c154f2337b92_arm64",
"relates_to_product_reference": "8Base-RHACM-2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/submariner-route-agent-rhel8@sha256:4818471887484d8bb5ec2801c7fc98ef3cc52139c68f1f95a72ff9b54c124e3c_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8",
"product_id": "8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:4818471887484d8bb5ec2801c7fc98ef3cc52139c68f1f95a72ff9b54c124e3c_amd64"
},
"product_reference": "rhacm2/submariner-route-agent-rhel8@sha256:4818471887484d8bb5ec2801c7fc98ef3cc52139c68f1f95a72ff9b54c124e3c_amd64",
"relates_to_product_reference": "8Base-RHACM-2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/submariner-route-agent-rhel8@sha256:5a3456edbe7796c9570bb01c6e720f4c32ba6e0a5051d0282f5b0db67fd8ea2c_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8",
"product_id": "8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:5a3456edbe7796c9570bb01c6e720f4c32ba6e0a5051d0282f5b0db67fd8ea2c_arm64"
},
"product_reference": "rhacm2/submariner-route-agent-rhel8@sha256:5a3456edbe7796c9570bb01c6e720f4c32ba6e0a5051d0282f5b0db67fd8ea2c_arm64",
"relates_to_product_reference": "8Base-RHACM-2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/submariner-route-agent-rhel8@sha256:cdb405309b67640fe75ec802c5f3793b55217044f527c611b5155d6799b2e666_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8",
"product_id": "8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:cdb405309b67640fe75ec802c5f3793b55217044f527c611b5155d6799b2e666_ppc64le"
},
"product_reference": "rhacm2/submariner-route-agent-rhel8@sha256:cdb405309b67640fe75ec802c5f3793b55217044f527c611b5155d6799b2e666_ppc64le",
"relates_to_product_reference": "8Base-RHACM-2.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/submariner-route-agent-rhel8@sha256:efa917cc9518c1c15ae18d290b5bd4442afcacfcd7017c4e3470c3ce87ec6da5_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8",
"product_id": "8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:efa917cc9518c1c15ae18d290b5bd4442afcacfcd7017c4e3470c3ce87ec6da5_s390x"
},
"product_reference": "rhacm2/submariner-route-agent-rhel8@sha256:efa917cc9518c1c15ae18d290b5bd4442afcacfcd7017c4e3470c3ce87ec6da5_s390x",
"relates_to_product_reference": "8Base-RHACM-2.7"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Daniel Abeles"
],
"organization": "Head of Research, Oxeye"
},
{
"names": [
"Gal Goldstein"
],
"organization": "Security Researcher, Oxeye"
}
],
"cve": "CVE-2022-2880",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:135a7d6329ff7accf471f81b7cc235454a8de632d82eff7472769908dee4ea62_ppc64le",
"8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:3889ac37818edf1a73a78b21117f21e03e6c5d04afce4e087df0915d29f7ae0b_arm64",
"8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:61504950ebe4601f60431611d6edcb825cf07781490dec3cf8dedf77c8bb3bc5_s390x",
"8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:9b75b42c8b9cfb029e76b806e8eb9dc3178a76e358abf7a5ea56b50503f9b6e6_amd64",
"8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:323319be40279b7c001bda0a7eae67b5662c1e7c9a9621a9ce9ec66b32ee4bbc_amd64",
"8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:dbe8522519a073ed4620886586b4d0b467f1383d35b42ee779b60fc4733abe53_s390x",
"8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:e66ef48970b4a4755c1677687508036927717fff47d24864cee09eb169930755_ppc64le",
"8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:ed7b1d9eaa0fb5395b579214fcbb8c6c9f47147711affed6c40a9ea76e3ec5cc_arm64",
"8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:21280d682e06e920a6620e823ff873dd7f26bcdf1f5e6afeaea33bd17fc90b32_arm64",
"8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:80ecc8810042471f15091d785dc7c34cdb0afa7c845784c0a40a82244c51f132_ppc64le",
"8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:f2eb14197331ee3fc6a022f17f22ca5b8ee54f76783ffa9e581a0eca5377122e_amd64",
"8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:fbfda748f9522137e99a91b4961ad2fb4e582256f1f25fb5f16d498f67dc99d8_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:4feb9fd7fa4da86d7eefbc8b1704cda6f9c9920c1b2903aca7b136532c56c3b9_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:62cd51e00ca635ea41ae24b522c67b90299ce5914d72b4e89343f8eb3a8248d6_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:e9157a51b02b5ba0e44f1e25bf96c7ea950ba6576935ea6be0a3b14781bc0a37_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:f937e339d6e3639faefecb07a91e065fd8417ddd7d094c325463719e007f56db_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:5924cc9a8092d6282afca8f4cdcbfd8c8fb7c5cafd86a69537b2fd619824f184_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:67b56f6fbcb14caae9f1b20513d322deeed666a872ef02b5a73a5cf088183795_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:7fca711199f677e53818bc75001ba8f327d3f0f3e322c11c6a187a2cfb41a9af_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:edbd6157d552db94cc6edba05f4a0341e5f98849d26225dbd301da4a103c67f2_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:5d65182dd2cafc18c987f1ef9ed16b1ddffe1deef4070e821a6eeb33b1752b6e_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:98e572c91453a607b140421d5711ff9c2f0ce1a0999243868280fcb667e7632c_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:b9444ac6e5099190de999300a06a3f2f91f01c569a83ca7ff1cfbc40a2b72174_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:f8f3399de2bf019925cc85b89cc85f15049a7b135af97bdcff94aeaac5fe5762_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:5fd5a4910c4997a182ccb786fd22cf213bd651d0e14eb1645a150045bc47a779_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:69f061caec1403b1e4f002207a0b8acdc41ada2f9c7f46767648d05672d8c8ca_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:87b55b71c541c1edbe454185d728490eb39529d2b83f8e6c8443d334f9f81f3b_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:9f145c2eabacbcfa25a172a6de2516ad4a9e513c3d67b205e9a7e7069e8e4d4a_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:3e054a396afcd57fd953856553f1c9d8f17b68ea9314a7307a9ead51dcb1f5c5_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:727ac19ec8bbeed1a13b2ee09fe075a305c3fc3f568cfe40b499321a94061e50_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:c0e26f8db9a5c0691185f80e6dcdd86d6a57c61e4066fdfd10eb8e31bed1469e_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:c643fc44d3af4c3fd8671af2378bef068796fe98669b71579e50c154f2337b92_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:4818471887484d8bb5ec2801c7fc98ef3cc52139c68f1f95a72ff9b54c124e3c_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:5a3456edbe7796c9570bb01c6e720f4c32ba6e0a5051d0282f5b0db67fd8ea2c_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:cdb405309b67640fe75ec802c5f3793b55217044f527c611b5155d6799b2e666_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:efa917cc9518c1c15ae18d290b5bd4442afcacfcd7017c4e3470c3ce87ec6da5_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132868"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request\u0027s form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity to exploit this vulnerability is limited to the Golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:1dfa9cbde516c58a7889fa6765a2dedeeb1f5ca4a8bbae6073e0c5f030bb973d_arm64",
"8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:434c03429e8e8dc873f6f33c0091e8ae549945a7c9804c501cdd4e037fddda1d_s390x",
"8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:690f87d67e3a9c63a4a95bf118bcea774d43437c7e68441ea3cfbcd40194c78d_amd64",
"8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:985b34c33af8f50a10f3f6f0056b2ff6baad2f5e152df45382d3f23048e901c7_ppc64le"
],
"known_not_affected": [
"8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:135a7d6329ff7accf471f81b7cc235454a8de632d82eff7472769908dee4ea62_ppc64le",
"8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:3889ac37818edf1a73a78b21117f21e03e6c5d04afce4e087df0915d29f7ae0b_arm64",
"8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:61504950ebe4601f60431611d6edcb825cf07781490dec3cf8dedf77c8bb3bc5_s390x",
"8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:9b75b42c8b9cfb029e76b806e8eb9dc3178a76e358abf7a5ea56b50503f9b6e6_amd64",
"8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:323319be40279b7c001bda0a7eae67b5662c1e7c9a9621a9ce9ec66b32ee4bbc_amd64",
"8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:dbe8522519a073ed4620886586b4d0b467f1383d35b42ee779b60fc4733abe53_s390x",
"8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:e66ef48970b4a4755c1677687508036927717fff47d24864cee09eb169930755_ppc64le",
"8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:ed7b1d9eaa0fb5395b579214fcbb8c6c9f47147711affed6c40a9ea76e3ec5cc_arm64",
"8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:21280d682e06e920a6620e823ff873dd7f26bcdf1f5e6afeaea33bd17fc90b32_arm64",
"8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:80ecc8810042471f15091d785dc7c34cdb0afa7c845784c0a40a82244c51f132_ppc64le",
"8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:f2eb14197331ee3fc6a022f17f22ca5b8ee54f76783ffa9e581a0eca5377122e_amd64",
"8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:fbfda748f9522137e99a91b4961ad2fb4e582256f1f25fb5f16d498f67dc99d8_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:4feb9fd7fa4da86d7eefbc8b1704cda6f9c9920c1b2903aca7b136532c56c3b9_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:62cd51e00ca635ea41ae24b522c67b90299ce5914d72b4e89343f8eb3a8248d6_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:e9157a51b02b5ba0e44f1e25bf96c7ea950ba6576935ea6be0a3b14781bc0a37_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:f937e339d6e3639faefecb07a91e065fd8417ddd7d094c325463719e007f56db_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:5924cc9a8092d6282afca8f4cdcbfd8c8fb7c5cafd86a69537b2fd619824f184_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:67b56f6fbcb14caae9f1b20513d322deeed666a872ef02b5a73a5cf088183795_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:7fca711199f677e53818bc75001ba8f327d3f0f3e322c11c6a187a2cfb41a9af_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:edbd6157d552db94cc6edba05f4a0341e5f98849d26225dbd301da4a103c67f2_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:5d65182dd2cafc18c987f1ef9ed16b1ddffe1deef4070e821a6eeb33b1752b6e_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:98e572c91453a607b140421d5711ff9c2f0ce1a0999243868280fcb667e7632c_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:b9444ac6e5099190de999300a06a3f2f91f01c569a83ca7ff1cfbc40a2b72174_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:f8f3399de2bf019925cc85b89cc85f15049a7b135af97bdcff94aeaac5fe5762_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:5fd5a4910c4997a182ccb786fd22cf213bd651d0e14eb1645a150045bc47a779_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:69f061caec1403b1e4f002207a0b8acdc41ada2f9c7f46767648d05672d8c8ca_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:87b55b71c541c1edbe454185d728490eb39529d2b83f8e6c8443d334f9f81f3b_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:9f145c2eabacbcfa25a172a6de2516ad4a9e513c3d67b205e9a7e7069e8e4d4a_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:3e054a396afcd57fd953856553f1c9d8f17b68ea9314a7307a9ead51dcb1f5c5_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:727ac19ec8bbeed1a13b2ee09fe075a305c3fc3f568cfe40b499321a94061e50_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:c0e26f8db9a5c0691185f80e6dcdd86d6a57c61e4066fdfd10eb8e31bed1469e_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:c643fc44d3af4c3fd8671af2378bef068796fe98669b71579e50c154f2337b92_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:4818471887484d8bb5ec2801c7fc98ef3cc52139c68f1f95a72ff9b54c124e3c_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:5a3456edbe7796c9570bb01c6e720f4c32ba6e0a5051d0282f5b0db67fd8ea2c_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:cdb405309b67640fe75ec802c5f3793b55217044f527c611b5155d6799b2e666_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:efa917cc9518c1c15ae18d290b5bd4442afcacfcd7017c4e3470c3ce87ec6da5_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2880"
},
{
"category": "external",
"summary": "RHBZ#2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/54663",
"url": "https://github.com/golang/go/issues/54663"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-02-07T17:23:40+00:00",
"details": "For details on how to install Submariner, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.7/html/add-ons/submariner#deploying-submariner-console \n\nand\n\nhttps://submariner.io/getting-started/",
"product_ids": [
"8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:1dfa9cbde516c58a7889fa6765a2dedeeb1f5ca4a8bbae6073e0c5f030bb973d_arm64",
"8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:434c03429e8e8dc873f6f33c0091e8ae549945a7c9804c501cdd4e037fddda1d_s390x",
"8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:690f87d67e3a9c63a4a95bf118bcea774d43437c7e68441ea3cfbcd40194c78d_amd64",
"8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:985b34c33af8f50a10f3f6f0056b2ff6baad2f5e152df45382d3f23048e901c7_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0631"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:135a7d6329ff7accf471f81b7cc235454a8de632d82eff7472769908dee4ea62_ppc64le",
"8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:3889ac37818edf1a73a78b21117f21e03e6c5d04afce4e087df0915d29f7ae0b_arm64",
"8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:61504950ebe4601f60431611d6edcb825cf07781490dec3cf8dedf77c8bb3bc5_s390x",
"8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:9b75b42c8b9cfb029e76b806e8eb9dc3178a76e358abf7a5ea56b50503f9b6e6_amd64",
"8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:323319be40279b7c001bda0a7eae67b5662c1e7c9a9621a9ce9ec66b32ee4bbc_amd64",
"8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:dbe8522519a073ed4620886586b4d0b467f1383d35b42ee779b60fc4733abe53_s390x",
"8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:e66ef48970b4a4755c1677687508036927717fff47d24864cee09eb169930755_ppc64le",
"8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:ed7b1d9eaa0fb5395b579214fcbb8c6c9f47147711affed6c40a9ea76e3ec5cc_arm64",
"8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:21280d682e06e920a6620e823ff873dd7f26bcdf1f5e6afeaea33bd17fc90b32_arm64",
"8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:80ecc8810042471f15091d785dc7c34cdb0afa7c845784c0a40a82244c51f132_ppc64le",
"8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:f2eb14197331ee3fc6a022f17f22ca5b8ee54f76783ffa9e581a0eca5377122e_amd64",
"8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:fbfda748f9522137e99a91b4961ad2fb4e582256f1f25fb5f16d498f67dc99d8_s390x",
"8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:1dfa9cbde516c58a7889fa6765a2dedeeb1f5ca4a8bbae6073e0c5f030bb973d_arm64",
"8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:434c03429e8e8dc873f6f33c0091e8ae549945a7c9804c501cdd4e037fddda1d_s390x",
"8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:690f87d67e3a9c63a4a95bf118bcea774d43437c7e68441ea3cfbcd40194c78d_amd64",
"8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:985b34c33af8f50a10f3f6f0056b2ff6baad2f5e152df45382d3f23048e901c7_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:4feb9fd7fa4da86d7eefbc8b1704cda6f9c9920c1b2903aca7b136532c56c3b9_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:62cd51e00ca635ea41ae24b522c67b90299ce5914d72b4e89343f8eb3a8248d6_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:e9157a51b02b5ba0e44f1e25bf96c7ea950ba6576935ea6be0a3b14781bc0a37_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:f937e339d6e3639faefecb07a91e065fd8417ddd7d094c325463719e007f56db_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:5924cc9a8092d6282afca8f4cdcbfd8c8fb7c5cafd86a69537b2fd619824f184_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:67b56f6fbcb14caae9f1b20513d322deeed666a872ef02b5a73a5cf088183795_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:7fca711199f677e53818bc75001ba8f327d3f0f3e322c11c6a187a2cfb41a9af_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:edbd6157d552db94cc6edba05f4a0341e5f98849d26225dbd301da4a103c67f2_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:5d65182dd2cafc18c987f1ef9ed16b1ddffe1deef4070e821a6eeb33b1752b6e_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:98e572c91453a607b140421d5711ff9c2f0ce1a0999243868280fcb667e7632c_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:b9444ac6e5099190de999300a06a3f2f91f01c569a83ca7ff1cfbc40a2b72174_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:f8f3399de2bf019925cc85b89cc85f15049a7b135af97bdcff94aeaac5fe5762_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:5fd5a4910c4997a182ccb786fd22cf213bd651d0e14eb1645a150045bc47a779_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:69f061caec1403b1e4f002207a0b8acdc41ada2f9c7f46767648d05672d8c8ca_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:87b55b71c541c1edbe454185d728490eb39529d2b83f8e6c8443d334f9f81f3b_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:9f145c2eabacbcfa25a172a6de2516ad4a9e513c3d67b205e9a7e7069e8e4d4a_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:3e054a396afcd57fd953856553f1c9d8f17b68ea9314a7307a9ead51dcb1f5c5_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:727ac19ec8bbeed1a13b2ee09fe075a305c3fc3f568cfe40b499321a94061e50_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:c0e26f8db9a5c0691185f80e6dcdd86d6a57c61e4066fdfd10eb8e31bed1469e_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:c643fc44d3af4c3fd8671af2378bef068796fe98669b71579e50c154f2337b92_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:4818471887484d8bb5ec2801c7fc98ef3cc52139c68f1f95a72ff9b54c124e3c_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:5a3456edbe7796c9570bb01c6e720f4c32ba6e0a5051d0282f5b0db67fd8ea2c_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:cdb405309b67640fe75ec802c5f3793b55217044f527c611b5155d6799b2e666_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:efa917cc9518c1c15ae18d290b5bd4442afcacfcd7017c4e3470c3ce87ec6da5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters"
},
{
"cve": "CVE-2022-27664",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:135a7d6329ff7accf471f81b7cc235454a8de632d82eff7472769908dee4ea62_ppc64le",
"8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:3889ac37818edf1a73a78b21117f21e03e6c5d04afce4e087df0915d29f7ae0b_arm64",
"8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:61504950ebe4601f60431611d6edcb825cf07781490dec3cf8dedf77c8bb3bc5_s390x",
"8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:9b75b42c8b9cfb029e76b806e8eb9dc3178a76e358abf7a5ea56b50503f9b6e6_amd64",
"8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:323319be40279b7c001bda0a7eae67b5662c1e7c9a9621a9ce9ec66b32ee4bbc_amd64",
"8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:dbe8522519a073ed4620886586b4d0b467f1383d35b42ee779b60fc4733abe53_s390x",
"8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:e66ef48970b4a4755c1677687508036927717fff47d24864cee09eb169930755_ppc64le",
"8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:ed7b1d9eaa0fb5395b579214fcbb8c6c9f47147711affed6c40a9ea76e3ec5cc_arm64",
"8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:21280d682e06e920a6620e823ff873dd7f26bcdf1f5e6afeaea33bd17fc90b32_arm64",
"8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:80ecc8810042471f15091d785dc7c34cdb0afa7c845784c0a40a82244c51f132_ppc64le",
"8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:f2eb14197331ee3fc6a022f17f22ca5b8ee54f76783ffa9e581a0eca5377122e_amd64",
"8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:fbfda748f9522137e99a91b4961ad2fb4e582256f1f25fb5f16d498f67dc99d8_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:4feb9fd7fa4da86d7eefbc8b1704cda6f9c9920c1b2903aca7b136532c56c3b9_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:62cd51e00ca635ea41ae24b522c67b90299ce5914d72b4e89343f8eb3a8248d6_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:e9157a51b02b5ba0e44f1e25bf96c7ea950ba6576935ea6be0a3b14781bc0a37_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:f937e339d6e3639faefecb07a91e065fd8417ddd7d094c325463719e007f56db_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:5924cc9a8092d6282afca8f4cdcbfd8c8fb7c5cafd86a69537b2fd619824f184_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:67b56f6fbcb14caae9f1b20513d322deeed666a872ef02b5a73a5cf088183795_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:7fca711199f677e53818bc75001ba8f327d3f0f3e322c11c6a187a2cfb41a9af_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:edbd6157d552db94cc6edba05f4a0341e5f98849d26225dbd301da4a103c67f2_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:5d65182dd2cafc18c987f1ef9ed16b1ddffe1deef4070e821a6eeb33b1752b6e_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:98e572c91453a607b140421d5711ff9c2f0ce1a0999243868280fcb667e7632c_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:b9444ac6e5099190de999300a06a3f2f91f01c569a83ca7ff1cfbc40a2b72174_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:f8f3399de2bf019925cc85b89cc85f15049a7b135af97bdcff94aeaac5fe5762_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:5fd5a4910c4997a182ccb786fd22cf213bd651d0e14eb1645a150045bc47a779_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:69f061caec1403b1e4f002207a0b8acdc41ada2f9c7f46767648d05672d8c8ca_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:87b55b71c541c1edbe454185d728490eb39529d2b83f8e6c8443d334f9f81f3b_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:9f145c2eabacbcfa25a172a6de2516ad4a9e513c3d67b205e9a7e7069e8e4d4a_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:3e054a396afcd57fd953856553f1c9d8f17b68ea9314a7307a9ead51dcb1f5c5_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:727ac19ec8bbeed1a13b2ee09fe075a305c3fc3f568cfe40b499321a94061e50_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:c0e26f8db9a5c0691185f80e6dcdd86d6a57c61e4066fdfd10eb8e31bed1469e_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:c643fc44d3af4c3fd8671af2378bef068796fe98669b71579e50c154f2337b92_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:4818471887484d8bb5ec2801c7fc98ef3cc52139c68f1f95a72ff9b54c124e3c_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:5a3456edbe7796c9570bb01c6e720f4c32ba6e0a5051d0282f5b0db67fd8ea2c_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:cdb405309b67640fe75ec802c5f3793b55217044f527c611b5155d6799b2e666_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:efa917cc9518c1c15ae18d290b5bd4442afcacfcd7017c4e3470c3ce87ec6da5_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124669"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: handle server errors after sending GOAWAY",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:1dfa9cbde516c58a7889fa6765a2dedeeb1f5ca4a8bbae6073e0c5f030bb973d_arm64",
"8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:434c03429e8e8dc873f6f33c0091e8ae549945a7c9804c501cdd4e037fddda1d_s390x",
"8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:690f87d67e3a9c63a4a95bf118bcea774d43437c7e68441ea3cfbcd40194c78d_amd64",
"8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:985b34c33af8f50a10f3f6f0056b2ff6baad2f5e152df45382d3f23048e901c7_ppc64le"
],
"known_not_affected": [
"8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:135a7d6329ff7accf471f81b7cc235454a8de632d82eff7472769908dee4ea62_ppc64le",
"8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:3889ac37818edf1a73a78b21117f21e03e6c5d04afce4e087df0915d29f7ae0b_arm64",
"8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:61504950ebe4601f60431611d6edcb825cf07781490dec3cf8dedf77c8bb3bc5_s390x",
"8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:9b75b42c8b9cfb029e76b806e8eb9dc3178a76e358abf7a5ea56b50503f9b6e6_amd64",
"8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:323319be40279b7c001bda0a7eae67b5662c1e7c9a9621a9ce9ec66b32ee4bbc_amd64",
"8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:dbe8522519a073ed4620886586b4d0b467f1383d35b42ee779b60fc4733abe53_s390x",
"8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:e66ef48970b4a4755c1677687508036927717fff47d24864cee09eb169930755_ppc64le",
"8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:ed7b1d9eaa0fb5395b579214fcbb8c6c9f47147711affed6c40a9ea76e3ec5cc_arm64",
"8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:21280d682e06e920a6620e823ff873dd7f26bcdf1f5e6afeaea33bd17fc90b32_arm64",
"8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:80ecc8810042471f15091d785dc7c34cdb0afa7c845784c0a40a82244c51f132_ppc64le",
"8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:f2eb14197331ee3fc6a022f17f22ca5b8ee54f76783ffa9e581a0eca5377122e_amd64",
"8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:fbfda748f9522137e99a91b4961ad2fb4e582256f1f25fb5f16d498f67dc99d8_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:4feb9fd7fa4da86d7eefbc8b1704cda6f9c9920c1b2903aca7b136532c56c3b9_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:62cd51e00ca635ea41ae24b522c67b90299ce5914d72b4e89343f8eb3a8248d6_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:e9157a51b02b5ba0e44f1e25bf96c7ea950ba6576935ea6be0a3b14781bc0a37_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:f937e339d6e3639faefecb07a91e065fd8417ddd7d094c325463719e007f56db_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:5924cc9a8092d6282afca8f4cdcbfd8c8fb7c5cafd86a69537b2fd619824f184_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:67b56f6fbcb14caae9f1b20513d322deeed666a872ef02b5a73a5cf088183795_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:7fca711199f677e53818bc75001ba8f327d3f0f3e322c11c6a187a2cfb41a9af_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:edbd6157d552db94cc6edba05f4a0341e5f98849d26225dbd301da4a103c67f2_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:5d65182dd2cafc18c987f1ef9ed16b1ddffe1deef4070e821a6eeb33b1752b6e_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:98e572c91453a607b140421d5711ff9c2f0ce1a0999243868280fcb667e7632c_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:b9444ac6e5099190de999300a06a3f2f91f01c569a83ca7ff1cfbc40a2b72174_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:f8f3399de2bf019925cc85b89cc85f15049a7b135af97bdcff94aeaac5fe5762_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:5fd5a4910c4997a182ccb786fd22cf213bd651d0e14eb1645a150045bc47a779_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:69f061caec1403b1e4f002207a0b8acdc41ada2f9c7f46767648d05672d8c8ca_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:87b55b71c541c1edbe454185d728490eb39529d2b83f8e6c8443d334f9f81f3b_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:9f145c2eabacbcfa25a172a6de2516ad4a9e513c3d67b205e9a7e7069e8e4d4a_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:3e054a396afcd57fd953856553f1c9d8f17b68ea9314a7307a9ead51dcb1f5c5_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:727ac19ec8bbeed1a13b2ee09fe075a305c3fc3f568cfe40b499321a94061e50_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:c0e26f8db9a5c0691185f80e6dcdd86d6a57c61e4066fdfd10eb8e31bed1469e_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:c643fc44d3af4c3fd8671af2378bef068796fe98669b71579e50c154f2337b92_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:4818471887484d8bb5ec2801c7fc98ef3cc52139c68f1f95a72ff9b54c124e3c_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:5a3456edbe7796c9570bb01c6e720f4c32ba6e0a5051d0282f5b0db67fd8ea2c_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:cdb405309b67640fe75ec802c5f3793b55217044f527c611b5155d6799b2e666_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:efa917cc9518c1c15ae18d290b5bd4442afcacfcd7017c4e3470c3ce87ec6da5_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-27664"
},
{
"category": "external",
"summary": "RHBZ#2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664"
},
{
"category": "external",
"summary": "https://go.dev/issue/54658",
"url": "https://go.dev/issue/54658"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-02-07T17:23:40+00:00",
"details": "For details on how to install Submariner, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.7/html/add-ons/submariner#deploying-submariner-console \n\nand\n\nhttps://submariner.io/getting-started/",
"product_ids": [
"8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:1dfa9cbde516c58a7889fa6765a2dedeeb1f5ca4a8bbae6073e0c5f030bb973d_arm64",
"8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:434c03429e8e8dc873f6f33c0091e8ae549945a7c9804c501cdd4e037fddda1d_s390x",
"8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:690f87d67e3a9c63a4a95bf118bcea774d43437c7e68441ea3cfbcd40194c78d_amd64",
"8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:985b34c33af8f50a10f3f6f0056b2ff6baad2f5e152df45382d3f23048e901c7_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0631"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:135a7d6329ff7accf471f81b7cc235454a8de632d82eff7472769908dee4ea62_ppc64le",
"8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:3889ac37818edf1a73a78b21117f21e03e6c5d04afce4e087df0915d29f7ae0b_arm64",
"8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:61504950ebe4601f60431611d6edcb825cf07781490dec3cf8dedf77c8bb3bc5_s390x",
"8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:9b75b42c8b9cfb029e76b806e8eb9dc3178a76e358abf7a5ea56b50503f9b6e6_amd64",
"8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:323319be40279b7c001bda0a7eae67b5662c1e7c9a9621a9ce9ec66b32ee4bbc_amd64",
"8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:dbe8522519a073ed4620886586b4d0b467f1383d35b42ee779b60fc4733abe53_s390x",
"8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:e66ef48970b4a4755c1677687508036927717fff47d24864cee09eb169930755_ppc64le",
"8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:ed7b1d9eaa0fb5395b579214fcbb8c6c9f47147711affed6c40a9ea76e3ec5cc_arm64",
"8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:21280d682e06e920a6620e823ff873dd7f26bcdf1f5e6afeaea33bd17fc90b32_arm64",
"8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:80ecc8810042471f15091d785dc7c34cdb0afa7c845784c0a40a82244c51f132_ppc64le",
"8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:f2eb14197331ee3fc6a022f17f22ca5b8ee54f76783ffa9e581a0eca5377122e_amd64",
"8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:fbfda748f9522137e99a91b4961ad2fb4e582256f1f25fb5f16d498f67dc99d8_s390x",
"8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:1dfa9cbde516c58a7889fa6765a2dedeeb1f5ca4a8bbae6073e0c5f030bb973d_arm64",
"8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:434c03429e8e8dc873f6f33c0091e8ae549945a7c9804c501cdd4e037fddda1d_s390x",
"8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:690f87d67e3a9c63a4a95bf118bcea774d43437c7e68441ea3cfbcd40194c78d_amd64",
"8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:985b34c33af8f50a10f3f6f0056b2ff6baad2f5e152df45382d3f23048e901c7_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:4feb9fd7fa4da86d7eefbc8b1704cda6f9c9920c1b2903aca7b136532c56c3b9_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:62cd51e00ca635ea41ae24b522c67b90299ce5914d72b4e89343f8eb3a8248d6_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:e9157a51b02b5ba0e44f1e25bf96c7ea950ba6576935ea6be0a3b14781bc0a37_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:f937e339d6e3639faefecb07a91e065fd8417ddd7d094c325463719e007f56db_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:5924cc9a8092d6282afca8f4cdcbfd8c8fb7c5cafd86a69537b2fd619824f184_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:67b56f6fbcb14caae9f1b20513d322deeed666a872ef02b5a73a5cf088183795_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:7fca711199f677e53818bc75001ba8f327d3f0f3e322c11c6a187a2cfb41a9af_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:edbd6157d552db94cc6edba05f4a0341e5f98849d26225dbd301da4a103c67f2_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:5d65182dd2cafc18c987f1ef9ed16b1ddffe1deef4070e821a6eeb33b1752b6e_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:98e572c91453a607b140421d5711ff9c2f0ce1a0999243868280fcb667e7632c_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:b9444ac6e5099190de999300a06a3f2f91f01c569a83ca7ff1cfbc40a2b72174_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:f8f3399de2bf019925cc85b89cc85f15049a7b135af97bdcff94aeaac5fe5762_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:5fd5a4910c4997a182ccb786fd22cf213bd651d0e14eb1645a150045bc47a779_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:69f061caec1403b1e4f002207a0b8acdc41ada2f9c7f46767648d05672d8c8ca_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:87b55b71c541c1edbe454185d728490eb39529d2b83f8e6c8443d334f9f81f3b_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:9f145c2eabacbcfa25a172a6de2516ad4a9e513c3d67b205e9a7e7069e8e4d4a_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:3e054a396afcd57fd953856553f1c9d8f17b68ea9314a7307a9ead51dcb1f5c5_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:727ac19ec8bbeed1a13b2ee09fe075a305c3fc3f568cfe40b499321a94061e50_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:c0e26f8db9a5c0691185f80e6dcdd86d6a57c61e4066fdfd10eb8e31bed1469e_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:c643fc44d3af4c3fd8671af2378bef068796fe98669b71579e50c154f2337b92_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:4818471887484d8bb5ec2801c7fc98ef3cc52139c68f1f95a72ff9b54c124e3c_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:5a3456edbe7796c9570bb01c6e720f4c32ba6e0a5051d0282f5b0db67fd8ea2c_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:cdb405309b67640fe75ec802c5f3793b55217044f527c611b5155d6799b2e666_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:efa917cc9518c1c15ae18d290b5bd4442afcacfcd7017c4e3470c3ce87ec6da5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: handle server errors after sending GOAWAY"
},
{
"acknowledgments": [
{
"names": [
"Adam Korczynski"
],
"organization": "ADA Logics"
},
{
"names": [
"OSS-Fuzz"
]
}
],
"cve": "CVE-2022-41715",
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:135a7d6329ff7accf471f81b7cc235454a8de632d82eff7472769908dee4ea62_ppc64le",
"8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:3889ac37818edf1a73a78b21117f21e03e6c5d04afce4e087df0915d29f7ae0b_arm64",
"8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:61504950ebe4601f60431611d6edcb825cf07781490dec3cf8dedf77c8bb3bc5_s390x",
"8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:9b75b42c8b9cfb029e76b806e8eb9dc3178a76e358abf7a5ea56b50503f9b6e6_amd64",
"8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:323319be40279b7c001bda0a7eae67b5662c1e7c9a9621a9ce9ec66b32ee4bbc_amd64",
"8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:dbe8522519a073ed4620886586b4d0b467f1383d35b42ee779b60fc4733abe53_s390x",
"8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:e66ef48970b4a4755c1677687508036927717fff47d24864cee09eb169930755_ppc64le",
"8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:ed7b1d9eaa0fb5395b579214fcbb8c6c9f47147711affed6c40a9ea76e3ec5cc_arm64",
"8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:21280d682e06e920a6620e823ff873dd7f26bcdf1f5e6afeaea33bd17fc90b32_arm64",
"8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:80ecc8810042471f15091d785dc7c34cdb0afa7c845784c0a40a82244c51f132_ppc64le",
"8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:f2eb14197331ee3fc6a022f17f22ca5b8ee54f76783ffa9e581a0eca5377122e_amd64",
"8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:fbfda748f9522137e99a91b4961ad2fb4e582256f1f25fb5f16d498f67dc99d8_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:4feb9fd7fa4da86d7eefbc8b1704cda6f9c9920c1b2903aca7b136532c56c3b9_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:62cd51e00ca635ea41ae24b522c67b90299ce5914d72b4e89343f8eb3a8248d6_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:e9157a51b02b5ba0e44f1e25bf96c7ea950ba6576935ea6be0a3b14781bc0a37_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:f937e339d6e3639faefecb07a91e065fd8417ddd7d094c325463719e007f56db_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:5924cc9a8092d6282afca8f4cdcbfd8c8fb7c5cafd86a69537b2fd619824f184_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:67b56f6fbcb14caae9f1b20513d322deeed666a872ef02b5a73a5cf088183795_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:7fca711199f677e53818bc75001ba8f327d3f0f3e322c11c6a187a2cfb41a9af_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:edbd6157d552db94cc6edba05f4a0341e5f98849d26225dbd301da4a103c67f2_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:5d65182dd2cafc18c987f1ef9ed16b1ddffe1deef4070e821a6eeb33b1752b6e_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:98e572c91453a607b140421d5711ff9c2f0ce1a0999243868280fcb667e7632c_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:b9444ac6e5099190de999300a06a3f2f91f01c569a83ca7ff1cfbc40a2b72174_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:f8f3399de2bf019925cc85b89cc85f15049a7b135af97bdcff94aeaac5fe5762_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:5fd5a4910c4997a182ccb786fd22cf213bd651d0e14eb1645a150045bc47a779_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:69f061caec1403b1e4f002207a0b8acdc41ada2f9c7f46767648d05672d8c8ca_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:87b55b71c541c1edbe454185d728490eb39529d2b83f8e6c8443d334f9f81f3b_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:9f145c2eabacbcfa25a172a6de2516ad4a9e513c3d67b205e9a7e7069e8e4d4a_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:3e054a396afcd57fd953856553f1c9d8f17b68ea9314a7307a9ead51dcb1f5c5_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:727ac19ec8bbeed1a13b2ee09fe075a305c3fc3f568cfe40b499321a94061e50_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:c0e26f8db9a5c0691185f80e6dcdd86d6a57c61e4066fdfd10eb8e31bed1469e_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:c643fc44d3af4c3fd8671af2378bef068796fe98669b71579e50c154f2337b92_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:4818471887484d8bb5ec2801c7fc98ef3cc52139c68f1f95a72ff9b54c124e3c_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:5a3456edbe7796c9570bb01c6e720f4c32ba6e0a5051d0282f5b0db67fd8ea2c_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:cdb405309b67640fe75ec802c5f3793b55217044f527c611b5155d6799b2e666_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:efa917cc9518c1c15ae18d290b5bd4442afcacfcd7017c4e3470c3ce87ec6da5_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132872"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: regexp/syntax: limit memory used by parsing regexps",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:1dfa9cbde516c58a7889fa6765a2dedeeb1f5ca4a8bbae6073e0c5f030bb973d_arm64",
"8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:434c03429e8e8dc873f6f33c0091e8ae549945a7c9804c501cdd4e037fddda1d_s390x",
"8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:690f87d67e3a9c63a4a95bf118bcea774d43437c7e68441ea3cfbcd40194c78d_amd64",
"8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:985b34c33af8f50a10f3f6f0056b2ff6baad2f5e152df45382d3f23048e901c7_ppc64le"
],
"known_not_affected": [
"8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:135a7d6329ff7accf471f81b7cc235454a8de632d82eff7472769908dee4ea62_ppc64le",
"8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:3889ac37818edf1a73a78b21117f21e03e6c5d04afce4e087df0915d29f7ae0b_arm64",
"8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:61504950ebe4601f60431611d6edcb825cf07781490dec3cf8dedf77c8bb3bc5_s390x",
"8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:9b75b42c8b9cfb029e76b806e8eb9dc3178a76e358abf7a5ea56b50503f9b6e6_amd64",
"8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:323319be40279b7c001bda0a7eae67b5662c1e7c9a9621a9ce9ec66b32ee4bbc_amd64",
"8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:dbe8522519a073ed4620886586b4d0b467f1383d35b42ee779b60fc4733abe53_s390x",
"8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:e66ef48970b4a4755c1677687508036927717fff47d24864cee09eb169930755_ppc64le",
"8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:ed7b1d9eaa0fb5395b579214fcbb8c6c9f47147711affed6c40a9ea76e3ec5cc_arm64",
"8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:21280d682e06e920a6620e823ff873dd7f26bcdf1f5e6afeaea33bd17fc90b32_arm64",
"8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:80ecc8810042471f15091d785dc7c34cdb0afa7c845784c0a40a82244c51f132_ppc64le",
"8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:f2eb14197331ee3fc6a022f17f22ca5b8ee54f76783ffa9e581a0eca5377122e_amd64",
"8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:fbfda748f9522137e99a91b4961ad2fb4e582256f1f25fb5f16d498f67dc99d8_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:4feb9fd7fa4da86d7eefbc8b1704cda6f9c9920c1b2903aca7b136532c56c3b9_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:62cd51e00ca635ea41ae24b522c67b90299ce5914d72b4e89343f8eb3a8248d6_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:e9157a51b02b5ba0e44f1e25bf96c7ea950ba6576935ea6be0a3b14781bc0a37_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:f937e339d6e3639faefecb07a91e065fd8417ddd7d094c325463719e007f56db_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:5924cc9a8092d6282afca8f4cdcbfd8c8fb7c5cafd86a69537b2fd619824f184_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:67b56f6fbcb14caae9f1b20513d322deeed666a872ef02b5a73a5cf088183795_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:7fca711199f677e53818bc75001ba8f327d3f0f3e322c11c6a187a2cfb41a9af_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:edbd6157d552db94cc6edba05f4a0341e5f98849d26225dbd301da4a103c67f2_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:5d65182dd2cafc18c987f1ef9ed16b1ddffe1deef4070e821a6eeb33b1752b6e_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:98e572c91453a607b140421d5711ff9c2f0ce1a0999243868280fcb667e7632c_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:b9444ac6e5099190de999300a06a3f2f91f01c569a83ca7ff1cfbc40a2b72174_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:f8f3399de2bf019925cc85b89cc85f15049a7b135af97bdcff94aeaac5fe5762_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:5fd5a4910c4997a182ccb786fd22cf213bd651d0e14eb1645a150045bc47a779_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:69f061caec1403b1e4f002207a0b8acdc41ada2f9c7f46767648d05672d8c8ca_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:87b55b71c541c1edbe454185d728490eb39529d2b83f8e6c8443d334f9f81f3b_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:9f145c2eabacbcfa25a172a6de2516ad4a9e513c3d67b205e9a7e7069e8e4d4a_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:3e054a396afcd57fd953856553f1c9d8f17b68ea9314a7307a9ead51dcb1f5c5_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:727ac19ec8bbeed1a13b2ee09fe075a305c3fc3f568cfe40b499321a94061e50_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:c0e26f8db9a5c0691185f80e6dcdd86d6a57c61e4066fdfd10eb8e31bed1469e_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:c643fc44d3af4c3fd8671af2378bef068796fe98669b71579e50c154f2337b92_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:4818471887484d8bb5ec2801c7fc98ef3cc52139c68f1f95a72ff9b54c124e3c_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:5a3456edbe7796c9570bb01c6e720f4c32ba6e0a5051d0282f5b0db67fd8ea2c_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:cdb405309b67640fe75ec802c5f3793b55217044f527c611b5155d6799b2e666_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:efa917cc9518c1c15ae18d290b5bd4442afcacfcd7017c4e3470c3ce87ec6da5_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41715"
},
{
"category": "external",
"summary": "RHBZ#2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/55949",
"url": "https://github.com/golang/go/issues/55949"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-02-07T17:23:40+00:00",
"details": "For details on how to install Submariner, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.7/html/add-ons/submariner#deploying-submariner-console \n\nand\n\nhttps://submariner.io/getting-started/",
"product_ids": [
"8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:1dfa9cbde516c58a7889fa6765a2dedeeb1f5ca4a8bbae6073e0c5f030bb973d_arm64",
"8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:434c03429e8e8dc873f6f33c0091e8ae549945a7c9804c501cdd4e037fddda1d_s390x",
"8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:690f87d67e3a9c63a4a95bf118bcea774d43437c7e68441ea3cfbcd40194c78d_amd64",
"8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:985b34c33af8f50a10f3f6f0056b2ff6baad2f5e152df45382d3f23048e901c7_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0631"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:135a7d6329ff7accf471f81b7cc235454a8de632d82eff7472769908dee4ea62_ppc64le",
"8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:3889ac37818edf1a73a78b21117f21e03e6c5d04afce4e087df0915d29f7ae0b_arm64",
"8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:61504950ebe4601f60431611d6edcb825cf07781490dec3cf8dedf77c8bb3bc5_s390x",
"8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:9b75b42c8b9cfb029e76b806e8eb9dc3178a76e358abf7a5ea56b50503f9b6e6_amd64",
"8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:323319be40279b7c001bda0a7eae67b5662c1e7c9a9621a9ce9ec66b32ee4bbc_amd64",
"8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:dbe8522519a073ed4620886586b4d0b467f1383d35b42ee779b60fc4733abe53_s390x",
"8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:e66ef48970b4a4755c1677687508036927717fff47d24864cee09eb169930755_ppc64le",
"8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:ed7b1d9eaa0fb5395b579214fcbb8c6c9f47147711affed6c40a9ea76e3ec5cc_arm64",
"8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:21280d682e06e920a6620e823ff873dd7f26bcdf1f5e6afeaea33bd17fc90b32_arm64",
"8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:80ecc8810042471f15091d785dc7c34cdb0afa7c845784c0a40a82244c51f132_ppc64le",
"8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:f2eb14197331ee3fc6a022f17f22ca5b8ee54f76783ffa9e581a0eca5377122e_amd64",
"8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:fbfda748f9522137e99a91b4961ad2fb4e582256f1f25fb5f16d498f67dc99d8_s390x",
"8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:1dfa9cbde516c58a7889fa6765a2dedeeb1f5ca4a8bbae6073e0c5f030bb973d_arm64",
"8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:434c03429e8e8dc873f6f33c0091e8ae549945a7c9804c501cdd4e037fddda1d_s390x",
"8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:690f87d67e3a9c63a4a95bf118bcea774d43437c7e68441ea3cfbcd40194c78d_amd64",
"8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:985b34c33af8f50a10f3f6f0056b2ff6baad2f5e152df45382d3f23048e901c7_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:4feb9fd7fa4da86d7eefbc8b1704cda6f9c9920c1b2903aca7b136532c56c3b9_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:62cd51e00ca635ea41ae24b522c67b90299ce5914d72b4e89343f8eb3a8248d6_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:e9157a51b02b5ba0e44f1e25bf96c7ea950ba6576935ea6be0a3b14781bc0a37_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:f937e339d6e3639faefecb07a91e065fd8417ddd7d094c325463719e007f56db_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:5924cc9a8092d6282afca8f4cdcbfd8c8fb7c5cafd86a69537b2fd619824f184_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:67b56f6fbcb14caae9f1b20513d322deeed666a872ef02b5a73a5cf088183795_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:7fca711199f677e53818bc75001ba8f327d3f0f3e322c11c6a187a2cfb41a9af_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:edbd6157d552db94cc6edba05f4a0341e5f98849d26225dbd301da4a103c67f2_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:5d65182dd2cafc18c987f1ef9ed16b1ddffe1deef4070e821a6eeb33b1752b6e_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:98e572c91453a607b140421d5711ff9c2f0ce1a0999243868280fcb667e7632c_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:b9444ac6e5099190de999300a06a3f2f91f01c569a83ca7ff1cfbc40a2b72174_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:f8f3399de2bf019925cc85b89cc85f15049a7b135af97bdcff94aeaac5fe5762_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:5fd5a4910c4997a182ccb786fd22cf213bd651d0e14eb1645a150045bc47a779_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:69f061caec1403b1e4f002207a0b8acdc41ada2f9c7f46767648d05672d8c8ca_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:87b55b71c541c1edbe454185d728490eb39529d2b83f8e6c8443d334f9f81f3b_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:9f145c2eabacbcfa25a172a6de2516ad4a9e513c3d67b205e9a7e7069e8e4d4a_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:3e054a396afcd57fd953856553f1c9d8f17b68ea9314a7307a9ead51dcb1f5c5_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:727ac19ec8bbeed1a13b2ee09fe075a305c3fc3f568cfe40b499321a94061e50_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:c0e26f8db9a5c0691185f80e6dcdd86d6a57c61e4066fdfd10eb8e31bed1469e_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:c643fc44d3af4c3fd8671af2378bef068796fe98669b71579e50c154f2337b92_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:4818471887484d8bb5ec2801c7fc98ef3cc52139c68f1f95a72ff9b54c124e3c_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:5a3456edbe7796c9570bb01c6e720f4c32ba6e0a5051d0282f5b0db67fd8ea2c_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:cdb405309b67640fe75ec802c5f3793b55217044f527c611b5155d6799b2e666_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:efa917cc9518c1c15ae18d290b5bd4442afcacfcd7017c4e3470c3ce87ec6da5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: regexp/syntax: limit memory used by parsing regexps"
},
{
"cve": "CVE-2022-41717",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-01-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:135a7d6329ff7accf471f81b7cc235454a8de632d82eff7472769908dee4ea62_ppc64le",
"8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:3889ac37818edf1a73a78b21117f21e03e6c5d04afce4e087df0915d29f7ae0b_arm64",
"8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:61504950ebe4601f60431611d6edcb825cf07781490dec3cf8dedf77c8bb3bc5_s390x",
"8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:9b75b42c8b9cfb029e76b806e8eb9dc3178a76e358abf7a5ea56b50503f9b6e6_amd64",
"8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:323319be40279b7c001bda0a7eae67b5662c1e7c9a9621a9ce9ec66b32ee4bbc_amd64",
"8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:dbe8522519a073ed4620886586b4d0b467f1383d35b42ee779b60fc4733abe53_s390x",
"8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:e66ef48970b4a4755c1677687508036927717fff47d24864cee09eb169930755_ppc64le",
"8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:ed7b1d9eaa0fb5395b579214fcbb8c6c9f47147711affed6c40a9ea76e3ec5cc_arm64",
"8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:21280d682e06e920a6620e823ff873dd7f26bcdf1f5e6afeaea33bd17fc90b32_arm64",
"8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:80ecc8810042471f15091d785dc7c34cdb0afa7c845784c0a40a82244c51f132_ppc64le",
"8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:f2eb14197331ee3fc6a022f17f22ca5b8ee54f76783ffa9e581a0eca5377122e_amd64",
"8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:fbfda748f9522137e99a91b4961ad2fb4e582256f1f25fb5f16d498f67dc99d8_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:4feb9fd7fa4da86d7eefbc8b1704cda6f9c9920c1b2903aca7b136532c56c3b9_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:62cd51e00ca635ea41ae24b522c67b90299ce5914d72b4e89343f8eb3a8248d6_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:e9157a51b02b5ba0e44f1e25bf96c7ea950ba6576935ea6be0a3b14781bc0a37_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:f937e339d6e3639faefecb07a91e065fd8417ddd7d094c325463719e007f56db_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:5924cc9a8092d6282afca8f4cdcbfd8c8fb7c5cafd86a69537b2fd619824f184_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:67b56f6fbcb14caae9f1b20513d322deeed666a872ef02b5a73a5cf088183795_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:7fca711199f677e53818bc75001ba8f327d3f0f3e322c11c6a187a2cfb41a9af_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:edbd6157d552db94cc6edba05f4a0341e5f98849d26225dbd301da4a103c67f2_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:5d65182dd2cafc18c987f1ef9ed16b1ddffe1deef4070e821a6eeb33b1752b6e_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:98e572c91453a607b140421d5711ff9c2f0ce1a0999243868280fcb667e7632c_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:b9444ac6e5099190de999300a06a3f2f91f01c569a83ca7ff1cfbc40a2b72174_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:f8f3399de2bf019925cc85b89cc85f15049a7b135af97bdcff94aeaac5fe5762_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:5fd5a4910c4997a182ccb786fd22cf213bd651d0e14eb1645a150045bc47a779_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:69f061caec1403b1e4f002207a0b8acdc41ada2f9c7f46767648d05672d8c8ca_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:87b55b71c541c1edbe454185d728490eb39529d2b83f8e6c8443d334f9f81f3b_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:9f145c2eabacbcfa25a172a6de2516ad4a9e513c3d67b205e9a7e7069e8e4d4a_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:3e054a396afcd57fd953856553f1c9d8f17b68ea9314a7307a9ead51dcb1f5c5_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:727ac19ec8bbeed1a13b2ee09fe075a305c3fc3f568cfe40b499321a94061e50_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:c0e26f8db9a5c0691185f80e6dcdd86d6a57c61e4066fdfd10eb8e31bed1469e_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:c643fc44d3af4c3fd8671af2378bef068796fe98669b71579e50c154f2337b92_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:4818471887484d8bb5ec2801c7fc98ef3cc52139c68f1f95a72ff9b54c124e3c_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:5a3456edbe7796c9570bb01c6e720f4c32ba6e0a5051d0282f5b0db67fd8ea2c_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:cdb405309b67640fe75ec802c5f3793b55217044f527c611b5155d6799b2e666_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:efa917cc9518c1c15ae18d290b5bd4442afcacfcd7017c4e3470c3ce87ec6da5_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2161274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within Red Hat OpenShift Container Platform, the grafana container is listed as will not fix. Since OCP 4.10, Grafana itself is not shipped and the Grafana web server is protected behind an OAuth proxy server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:1dfa9cbde516c58a7889fa6765a2dedeeb1f5ca4a8bbae6073e0c5f030bb973d_arm64",
"8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:434c03429e8e8dc873f6f33c0091e8ae549945a7c9804c501cdd4e037fddda1d_s390x",
"8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:690f87d67e3a9c63a4a95bf118bcea774d43437c7e68441ea3cfbcd40194c78d_amd64",
"8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:985b34c33af8f50a10f3f6f0056b2ff6baad2f5e152df45382d3f23048e901c7_ppc64le"
],
"known_not_affected": [
"8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:135a7d6329ff7accf471f81b7cc235454a8de632d82eff7472769908dee4ea62_ppc64le",
"8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:3889ac37818edf1a73a78b21117f21e03e6c5d04afce4e087df0915d29f7ae0b_arm64",
"8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:61504950ebe4601f60431611d6edcb825cf07781490dec3cf8dedf77c8bb3bc5_s390x",
"8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:9b75b42c8b9cfb029e76b806e8eb9dc3178a76e358abf7a5ea56b50503f9b6e6_amd64",
"8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:323319be40279b7c001bda0a7eae67b5662c1e7c9a9621a9ce9ec66b32ee4bbc_amd64",
"8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:dbe8522519a073ed4620886586b4d0b467f1383d35b42ee779b60fc4733abe53_s390x",
"8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:e66ef48970b4a4755c1677687508036927717fff47d24864cee09eb169930755_ppc64le",
"8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:ed7b1d9eaa0fb5395b579214fcbb8c6c9f47147711affed6c40a9ea76e3ec5cc_arm64",
"8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:21280d682e06e920a6620e823ff873dd7f26bcdf1f5e6afeaea33bd17fc90b32_arm64",
"8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:80ecc8810042471f15091d785dc7c34cdb0afa7c845784c0a40a82244c51f132_ppc64le",
"8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:f2eb14197331ee3fc6a022f17f22ca5b8ee54f76783ffa9e581a0eca5377122e_amd64",
"8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:fbfda748f9522137e99a91b4961ad2fb4e582256f1f25fb5f16d498f67dc99d8_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:4feb9fd7fa4da86d7eefbc8b1704cda6f9c9920c1b2903aca7b136532c56c3b9_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:62cd51e00ca635ea41ae24b522c67b90299ce5914d72b4e89343f8eb3a8248d6_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:e9157a51b02b5ba0e44f1e25bf96c7ea950ba6576935ea6be0a3b14781bc0a37_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:f937e339d6e3639faefecb07a91e065fd8417ddd7d094c325463719e007f56db_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:5924cc9a8092d6282afca8f4cdcbfd8c8fb7c5cafd86a69537b2fd619824f184_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:67b56f6fbcb14caae9f1b20513d322deeed666a872ef02b5a73a5cf088183795_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:7fca711199f677e53818bc75001ba8f327d3f0f3e322c11c6a187a2cfb41a9af_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:edbd6157d552db94cc6edba05f4a0341e5f98849d26225dbd301da4a103c67f2_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:5d65182dd2cafc18c987f1ef9ed16b1ddffe1deef4070e821a6eeb33b1752b6e_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:98e572c91453a607b140421d5711ff9c2f0ce1a0999243868280fcb667e7632c_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:b9444ac6e5099190de999300a06a3f2f91f01c569a83ca7ff1cfbc40a2b72174_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:f8f3399de2bf019925cc85b89cc85f15049a7b135af97bdcff94aeaac5fe5762_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:5fd5a4910c4997a182ccb786fd22cf213bd651d0e14eb1645a150045bc47a779_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:69f061caec1403b1e4f002207a0b8acdc41ada2f9c7f46767648d05672d8c8ca_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:87b55b71c541c1edbe454185d728490eb39529d2b83f8e6c8443d334f9f81f3b_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:9f145c2eabacbcfa25a172a6de2516ad4a9e513c3d67b205e9a7e7069e8e4d4a_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:3e054a396afcd57fd953856553f1c9d8f17b68ea9314a7307a9ead51dcb1f5c5_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:727ac19ec8bbeed1a13b2ee09fe075a305c3fc3f568cfe40b499321a94061e50_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:c0e26f8db9a5c0691185f80e6dcdd86d6a57c61e4066fdfd10eb8e31bed1469e_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:c643fc44d3af4c3fd8671af2378bef068796fe98669b71579e50c154f2337b92_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:4818471887484d8bb5ec2801c7fc98ef3cc52139c68f1f95a72ff9b54c124e3c_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:5a3456edbe7796c9570bb01c6e720f4c32ba6e0a5051d0282f5b0db67fd8ea2c_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:cdb405309b67640fe75ec802c5f3793b55217044f527c611b5155d6799b2e666_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:efa917cc9518c1c15ae18d290b5bd4442afcacfcd7017c4e3470c3ce87ec6da5_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41717"
},
{
"category": "external",
"summary": "RHBZ#2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717"
},
{
"category": "external",
"summary": "https://go.dev/cl/455635",
"url": "https://go.dev/cl/455635"
},
{
"category": "external",
"summary": "https://go.dev/cl/455717",
"url": "https://go.dev/cl/455717"
},
{
"category": "external",
"summary": "https://go.dev/issue/56350",
"url": "https://go.dev/issue/56350"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2022-1144",
"url": "https://pkg.go.dev/vuln/GO-2022-1144"
}
],
"release_date": "2022-11-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-02-07T17:23:40+00:00",
"details": "For details on how to install Submariner, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.7/html/add-ons/submariner#deploying-submariner-console \n\nand\n\nhttps://submariner.io/getting-started/",
"product_ids": [
"8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:1dfa9cbde516c58a7889fa6765a2dedeeb1f5ca4a8bbae6073e0c5f030bb973d_arm64",
"8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:434c03429e8e8dc873f6f33c0091e8ae549945a7c9804c501cdd4e037fddda1d_s390x",
"8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:690f87d67e3a9c63a4a95bf118bcea774d43437c7e68441ea3cfbcd40194c78d_amd64",
"8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:985b34c33af8f50a10f3f6f0056b2ff6baad2f5e152df45382d3f23048e901c7_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0631"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:135a7d6329ff7accf471f81b7cc235454a8de632d82eff7472769908dee4ea62_ppc64le",
"8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:3889ac37818edf1a73a78b21117f21e03e6c5d04afce4e087df0915d29f7ae0b_arm64",
"8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:61504950ebe4601f60431611d6edcb825cf07781490dec3cf8dedf77c8bb3bc5_s390x",
"8Base-RHACM-2.7:rhacm2/lighthouse-agent-rhel8@sha256:9b75b42c8b9cfb029e76b806e8eb9dc3178a76e358abf7a5ea56b50503f9b6e6_amd64",
"8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:323319be40279b7c001bda0a7eae67b5662c1e7c9a9621a9ce9ec66b32ee4bbc_amd64",
"8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:dbe8522519a073ed4620886586b4d0b467f1383d35b42ee779b60fc4733abe53_s390x",
"8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:e66ef48970b4a4755c1677687508036927717fff47d24864cee09eb169930755_ppc64le",
"8Base-RHACM-2.7:rhacm2/lighthouse-coredns-rhel8@sha256:ed7b1d9eaa0fb5395b579214fcbb8c6c9f47147711affed6c40a9ea76e3ec5cc_arm64",
"8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:21280d682e06e920a6620e823ff873dd7f26bcdf1f5e6afeaea33bd17fc90b32_arm64",
"8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:80ecc8810042471f15091d785dc7c34cdb0afa7c845784c0a40a82244c51f132_ppc64le",
"8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:f2eb14197331ee3fc6a022f17f22ca5b8ee54f76783ffa9e581a0eca5377122e_amd64",
"8Base-RHACM-2.7:rhacm2/nettest-rhel8@sha256:fbfda748f9522137e99a91b4961ad2fb4e582256f1f25fb5f16d498f67dc99d8_s390x",
"8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:1dfa9cbde516c58a7889fa6765a2dedeeb1f5ca4a8bbae6073e0c5f030bb973d_arm64",
"8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:434c03429e8e8dc873f6f33c0091e8ae549945a7c9804c501cdd4e037fddda1d_s390x",
"8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:690f87d67e3a9c63a4a95bf118bcea774d43437c7e68441ea3cfbcd40194c78d_amd64",
"8Base-RHACM-2.7:rhacm2/subctl-rhel8@sha256:985b34c33af8f50a10f3f6f0056b2ff6baad2f5e152df45382d3f23048e901c7_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:4feb9fd7fa4da86d7eefbc8b1704cda6f9c9920c1b2903aca7b136532c56c3b9_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:62cd51e00ca635ea41ae24b522c67b90299ce5914d72b4e89343f8eb3a8248d6_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:e9157a51b02b5ba0e44f1e25bf96c7ea950ba6576935ea6be0a3b14781bc0a37_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-gateway-rhel8@sha256:f937e339d6e3639faefecb07a91e065fd8417ddd7d094c325463719e007f56db_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:5924cc9a8092d6282afca8f4cdcbfd8c8fb7c5cafd86a69537b2fd619824f184_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:67b56f6fbcb14caae9f1b20513d322deeed666a872ef02b5a73a5cf088183795_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:7fca711199f677e53818bc75001ba8f327d3f0f3e322c11c6a187a2cfb41a9af_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-globalnet-rhel8@sha256:edbd6157d552db94cc6edba05f4a0341e5f98849d26225dbd301da4a103c67f2_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:5d65182dd2cafc18c987f1ef9ed16b1ddffe1deef4070e821a6eeb33b1752b6e_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:98e572c91453a607b140421d5711ff9c2f0ce1a0999243868280fcb667e7632c_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:b9444ac6e5099190de999300a06a3f2f91f01c569a83ca7ff1cfbc40a2b72174_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-networkplugin-syncer-rhel8@sha256:f8f3399de2bf019925cc85b89cc85f15049a7b135af97bdcff94aeaac5fe5762_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:5fd5a4910c4997a182ccb786fd22cf213bd651d0e14eb1645a150045bc47a779_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:69f061caec1403b1e4f002207a0b8acdc41ada2f9c7f46767648d05672d8c8ca_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:87b55b71c541c1edbe454185d728490eb39529d2b83f8e6c8443d334f9f81f3b_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-operator-bundle@sha256:9f145c2eabacbcfa25a172a6de2516ad4a9e513c3d67b205e9a7e7069e8e4d4a_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:3e054a396afcd57fd953856553f1c9d8f17b68ea9314a7307a9ead51dcb1f5c5_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:727ac19ec8bbeed1a13b2ee09fe075a305c3fc3f568cfe40b499321a94061e50_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:c0e26f8db9a5c0691185f80e6dcdd86d6a57c61e4066fdfd10eb8e31bed1469e_s390x",
"8Base-RHACM-2.7:rhacm2/submariner-rhel8-operator@sha256:c643fc44d3af4c3fd8671af2378bef068796fe98669b71579e50c154f2337b92_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:4818471887484d8bb5ec2801c7fc98ef3cc52139c68f1f95a72ff9b54c124e3c_amd64",
"8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:5a3456edbe7796c9570bb01c6e720f4c32ba6e0a5051d0282f5b0db67fd8ea2c_arm64",
"8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:cdb405309b67640fe75ec802c5f3793b55217044f527c611b5155d6799b2e666_ppc64le",
"8Base-RHACM-2.7:rhacm2/submariner-route-agent-rhel8@sha256:efa917cc9518c1c15ae18d290b5bd4442afcacfcd7017c4e3470c3ce87ec6da5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests"
}
]
}
RHSA-2023:0693
Vulnerability from csaf_redhat - Published: 2023-02-09 02:17 - Updated: 2026-05-27 08:35Summary
Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.7 security and bug fix update
Severity
Moderate
Notes
Topic: The Migration Toolkit for Containers (MTC) 1.7.7 is now available.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
Security Fix(es) from Bugzilla:
* async: Prototype Pollution in async (CVE-2021-43138)
* golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879)
* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)
* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)
* golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags (CVE-2022-32149)
* golang: net/url: JoinPath does not strip relative path components in all circumstances (CVE-2022-32190)
* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)
* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)
* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was found in the async package. This flaw allows a malicious user to obtain privileges via the mapValues() method.
7.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64 | — |
Vendor Fix
fix
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64 | — |
Threats
Impact
Moderate
A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64 | — |
Vendor Fix
fix
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64 | — |
Threats
Impact
Moderate
A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request's form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64 | — |
Vendor Fix
fix
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64 | — |
Threats
Impact
Moderate
A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.
6.5 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64 | — |
Vendor Fix
fix
|
Known not affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64 | — |
Threats
Impact
Moderate
A vulnerability was found in the golang.org/x/text/language package. An attacker can craft an Accept-Language header which ParseAcceptLanguage will take significant time to parse. This issue leads to a denial of service, and can impact availability.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64 | — |
Vendor Fix
fix
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64 | — |
Threats
Impact
Moderate
An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64 | — |
Workaround
|
Threats
Impact
Low
A flaw was found in the golang package. The JoinPath doesn't remove the ../ path components appended to a domain that is not terminated by a slash, possibly leading to a directory traversal attack.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64 | — |
Vendor Fix
fix
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64 | — |
Threats
Impact
Moderate
A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64 | — |
Vendor Fix
fix
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64 | — |
Threats
Impact
Moderate
A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.
5.3 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64 | — |
Vendor Fix
fix
|
Known not affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64 | — |
Threats
Impact
Moderate
References
69 references
Acknowledgments
ADA Logics
Adam Korczynski
OSS-Fuzz
Head of Research, Oxeye
Daniel Abeles
Security Researcher, Oxeye
Gal Goldstein
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The Migration Toolkit for Containers (MTC) 1.7.7 is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.\n\nSecurity Fix(es) from Bugzilla:\n\n* async: Prototype Pollution in async (CVE-2021-43138)\n\n* golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879)\n\n* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)\n\n* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n\n* golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags (CVE-2022-32149)\n\n* golang: net/url: JoinPath does not strip relative path components in all circumstances (CVE-2022-32190)\n\n* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)\n\n* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)\n\n* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:0693",
"url": "https://access.redhat.com/errata/RHSA-2023:0693"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2113814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814"
},
{
"category": "external",
"summary": "2124668",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124668"
},
{
"category": "external",
"summary": "2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "2126276",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126276"
},
{
"category": "external",
"summary": "2132867",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132867"
},
{
"category": "external",
"summary": "2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "2134010",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134010"
},
{
"category": "external",
"summary": "2160662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160662"
},
{
"category": "external",
"summary": "2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "MIG-1275",
"url": "https://issues.redhat.com/browse/MIG-1275"
},
{
"category": "external",
"summary": "MIG-1281",
"url": "https://issues.redhat.com/browse/MIG-1281"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0693.json"
}
],
"title": "Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.7 security and bug fix update",
"tracking": {
"current_release_date": "2026-05-27T08:35:51+00:00",
"generator": {
"date": "2026-05-27T08:35:51+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:0693",
"initial_release_date": "2023-02-09T02:17:22+00:00",
"revision_history": [
{
"date": "2023-02-09T02:17:22+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-02-09T02:17:22+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-27T08:35:51+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "8Base-RHMTC-1.7",
"product": {
"name": "8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhmt:1.7::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Migration Toolkit"
},
{
"branches": [
{
"category": "product_version",
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"product": {
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"product_id": "rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-controller-rhel8\u0026tag=v1.7.7-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"product": {
"name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"product_id": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-hook-runner-rhel8\u0026tag=v1.7.7-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"product": {
"name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"product_id": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-legacy-rhel8-operator\u0026tag=v1.7.7-9"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"product": {
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"product_id": "rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-log-reader-rhel8\u0026tag=v1.7.7-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"product": {
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"product_id": "rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-must-gather-rhel8\u0026tag=v1.7.7-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"product": {
"name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"product_id": "rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-openvpn-rhel8\u0026tag=v1.7.7-2"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"product": {
"name": "rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"product_id": "rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rhel8-operator\u0026tag=v1.7.7-9"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"product": {
"name": "rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"product_id": "rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-operator-bundle\u0026tag=v1.7.7-9"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"product": {
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"product_id": "rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-registry-rhel8\u0026tag=v1.7.7-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"product": {
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"product_id": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rsync-transfer-rhel8\u0026tag=v1.7.7-2"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"product": {
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"product_id": "rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-ui-rhel8\u0026tag=v1.7.7-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64",
"product_id": "rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-rhel8\u0026tag=v1.7.7-5"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-aws-rhel8\u0026tag=v1.7.7-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8\u0026tag=v1.7.7-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8\u0026tag=v1.7.7-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"product_id": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-restic-restore-helper-rhel8\u0026tag=v1.7.7-5"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64",
"product": {
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64",
"product_id": "rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-velero-plugin-rhel8\u0026tag=v1.7.7-3"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64"
},
"product_reference": "rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64"
},
"product_reference": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64"
},
"product_reference": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64"
},
"product_reference": "rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64"
},
"product_reference": "rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64"
},
"product_reference": "rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64"
},
"product_reference": "rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64"
},
"product_reference": "rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64"
},
"product_reference": "rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64"
},
"product_reference": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64"
},
"product_reference": "rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
},
"product_reference": "rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-43138",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2022-09-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2126276"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the async package. This flaw allows a malicious user to obtain privileges via the mapValues() method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "async: Prototype Pollution in async",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-43138"
},
{
"category": "external",
"summary": "RHBZ#2126276",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126276"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-43138",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43138"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43138",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43138"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-fwr7-v2mv-hh25",
"url": "https://github.com/advisories/GHSA-fwr7-v2mv-hh25"
}
],
"release_date": "2022-04-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-02-09T02:17:22+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0693"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "async: Prototype Pollution in async"
},
{
"acknowledgments": [
{
"names": [
"Adam Korczynski"
],
"organization": "ADA Logics"
},
{
"names": [
"OSS-Fuzz"
]
}
],
"cve": "CVE-2022-2879",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132867"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.\n\n\nThis flaw additionally affects the github.com/vbatts/tar-split library and was fixed in v0.12.1.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2879"
},
{
"category": "external",
"summary": "RHBZ#2132867",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132867"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2879",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2879"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/54853",
"url": "https://github.com/golang/go/issues/54853"
},
{
"category": "external",
"summary": "https://github.com/vbatts/tar-split/releases/tag/v0.12.1",
"url": "https://github.com/vbatts/tar-split/releases/tag/v0.12.1"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-02-09T02:17:22+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0693"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers"
},
{
"acknowledgments": [
{
"names": [
"Daniel Abeles"
],
"organization": "Head of Research, Oxeye"
},
{
"names": [
"Gal Goldstein"
],
"organization": "Security Researcher, Oxeye"
}
],
"cve": "CVE-2022-2880",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132868"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request\u0027s form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity to exploit this vulnerability is limited to the Golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2880"
},
{
"category": "external",
"summary": "RHBZ#2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/54663",
"url": "https://github.com/golang/go/issues/54663"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-02-09T02:17:22+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0693"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters"
},
{
"cve": "CVE-2022-27664",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124669"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: handle server errors after sending GOAWAY",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-27664"
},
{
"category": "external",
"summary": "RHBZ#2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664"
},
{
"category": "external",
"summary": "https://go.dev/issue/54658",
"url": "https://go.dev/issue/54658"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-02-09T02:17:22+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0693"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: handle server errors after sending GOAWAY"
},
{
"cve": "CVE-2022-32149",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"discovery_date": "2022-10-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134010"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the golang.org/x/text/language package. An attacker can craft an Accept-Language header which ParseAcceptLanguage will take significant time to parse. This issue leads to a denial of service, and can impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "After careful analysis of the vulnerability Redhat is choosing to keep the vulnerability severity as moderate,the vulnerability exists in the ParseAcceptLanguage function of the golang text/language package,when an attacker could craft an unusually large accept header and due to the parser taking quadratic time complexity to finish, firstly the attacker would have to find a way smuggle an input to the parser and even then this would simply not result in a crash of any kind but more of resource hang which while can be unpleasant,does not equate to any real world damage.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32149"
},
{
"category": "external",
"summary": "RHBZ#2134010",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134010"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32149"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32149",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32149"
},
{
"category": "external",
"summary": "https://go.dev/issue/56152",
"url": "https://go.dev/issue/56152"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/qfPIly0X7aU",
"url": "https://groups.google.com/g/golang-dev/c/qfPIly0X7aU"
}
],
"release_date": "2022-10-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-02-09T02:17:22+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0693"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags"
},
{
"cve": "CVE-2022-32189",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-08-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2113814"
}
],
"notes": [
{
"category": "description",
"text": "An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw stems from a particular and specific method (GoBDecode) which isn\u0027t commonly used. There are few components within Red Hat offerings which call this function. In rare cases where this method is called, the component limits possible damage or it is not possible to be triggered by an attacker. For these combined reasons the impact has been downgraded to Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32189"
},
{
"category": "external",
"summary": "RHBZ#2113814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189"
},
{
"category": "external",
"summary": "https://go.dev/issue/53871",
"url": "https://go.dev/issue/53871"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU",
"url": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU"
}
],
"release_date": "2022-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-02-09T02:17:22+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0693"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service"
},
{
"cve": "CVE-2022-32190",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124668"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package. The JoinPath doesn\u0027t remove the ../ path components appended to a domain that is not terminated by a slash, possibly leading to a directory traversal attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: JoinPath does not strip relative path components in all circumstances",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerable functions, JoinPath and URL.JoinPath was introduced in upstream go1.19, whereas, RHEL ships go1.17 and go1.18 versions, which does not contain the vulnerable code. Hence, packages shipped with RHEL-8, RHEL-9 are not affected.\n\nAll Y stream releases of OpenShift Container Platform 4 run on RHEL-8 or RHEL-9, so OCP 4 is also not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32190"
},
{
"category": "external",
"summary": "RHBZ#2124668",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124668"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32190",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32190"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32190",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32190"
},
{
"category": "external",
"summary": "https://go.dev/issue/54385",
"url": "https://go.dev/issue/54385"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-02-09T02:17:22+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0693"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/url: JoinPath does not strip relative path components in all circumstances"
},
{
"acknowledgments": [
{
"names": [
"Adam Korczynski"
],
"organization": "ADA Logics"
},
{
"names": [
"OSS-Fuzz"
]
}
],
"cve": "CVE-2022-41715",
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132872"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: regexp/syntax: limit memory used by parsing regexps",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41715"
},
{
"category": "external",
"summary": "RHBZ#2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/55949",
"url": "https://github.com/golang/go/issues/55949"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-02-09T02:17:22+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0693"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: regexp/syntax: limit memory used by parsing regexps"
},
{
"cve": "CVE-2022-41717",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-01-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2161274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within Red Hat OpenShift Container Platform, the grafana container is listed as will not fix. Since OCP 4.10, Grafana itself is not shipped and the Grafana web server is protected behind an OAuth proxy server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41717"
},
{
"category": "external",
"summary": "RHBZ#2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717"
},
{
"category": "external",
"summary": "https://go.dev/cl/455635",
"url": "https://go.dev/cl/455635"
},
{
"category": "external",
"summary": "https://go.dev/cl/455717",
"url": "https://go.dev/cl/455717"
},
{
"category": "external",
"summary": "https://go.dev/issue/56350",
"url": "https://go.dev/issue/56350"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2022-1144",
"url": "https://pkg.go.dev/vuln/GO-2022-1144"
}
],
"release_date": "2022-11-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-02-09T02:17:22+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0693"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…