Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-28362 (GCVE-0-2020-28362)
Vulnerability from cvelistv5 – Published: 2020-11-18 16:27 – Updated: 2024-08-04 16:33
VLAI
EPSS
Summary
Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://lists.apache.org/thread.html/rd02e75766cd… | mailing-listx_refsource_MLIST |
| https://groups.google.com/g/golang-nuts/c/c-ssaaS7RMI | x_refsource_CONFIRM |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://security.netapp.com/advisory/ntap-2020120… | x_refsource_CONFIRM |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://www.arista.com/en/support/advisories-noti… | x_refsource_MISC |
Date Public
2020-11-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:33:59.119Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[trafficcontrol-issues] 20201112 [GitHub] [trafficcontrol] zrhoffman opened a new pull request #5278: Update Go version to 1.15.5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd02e75766cd333a0df417588460f5e4477060633000bfe94955851fd%40%3Cissues.trafficcontrol.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://groups.google.com/g/golang-nuts/c/c-ssaaS7RMI"
},
{
"name": "FEDORA-2020-864922e78a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3ZSHGNTJWCWYAKY5OLZS2XQQYHSXSUO/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20201202-0004/"
},
{
"name": "FEDORA-2020-e971480183",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2W4COUPL3YVTZ6RTEIT6LPBDJUFF3VSP/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12166-security-advisory-62"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-11-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-05T09:58:49.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[trafficcontrol-issues] 20201112 [GitHub] [trafficcontrol] zrhoffman opened a new pull request #5278: Update Go version to 1.15.5",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd02e75766cd333a0df417588460f5e4477060633000bfe94955851fd%40%3Cissues.trafficcontrol.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://groups.google.com/g/golang-nuts/c/c-ssaaS7RMI"
},
{
"name": "FEDORA-2020-864922e78a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3ZSHGNTJWCWYAKY5OLZS2XQQYHSXSUO/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20201202-0004/"
},
{
"name": "FEDORA-2020-e971480183",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2W4COUPL3YVTZ6RTEIT6LPBDJUFF3VSP/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12166-security-advisory-62"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-28362",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[trafficcontrol-issues] 20201112 [GitHub] [trafficcontrol] zrhoffman opened a new pull request #5278: Update Go version to 1.15.5",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd02e75766cd333a0df417588460f5e4477060633000bfe94955851fd@%3Cissues.trafficcontrol.apache.org%3E"
},
{
"name": "https://groups.google.com/g/golang-nuts/c/c-ssaaS7RMI",
"refsource": "CONFIRM",
"url": "https://groups.google.com/g/golang-nuts/c/c-ssaaS7RMI"
},
{
"name": "FEDORA-2020-864922e78a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F3ZSHGNTJWCWYAKY5OLZS2XQQYHSXSUO/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20201202-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20201202-0004/"
},
{
"name": "FEDORA-2020-e971480183",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2W4COUPL3YVTZ6RTEIT6LPBDJUFF3VSP/"
},
{
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/12166-security-advisory-62",
"refsource": "MISC",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12166-security-advisory-62"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-28362",
"datePublished": "2020-11-18T16:27:38.000Z",
"dateReserved": "2020-11-09T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:33:59.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2020-28362",
"date": "2026-05-29",
"epss": "0.00711",
"percentile": "0.72564"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-28362\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-11-18T17:15:11.930\",\"lastModified\":\"2024-11-21T05:22:39.757\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.\"},{\"lang\":\"es\",\"value\":\"Go versiones anteriores a 1.14.12 y versiones 1.15.x anteriores a 1.15.4, permite una Denegaci\u00f3n de Servicio\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.14.12\",\"matchCriteriaId\":\"A2175A10-2BF6-430A-A90E-C3957B4FF493\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.15\",\"versionEndExcluding\":\"1.15.5\",\"matchCriteriaId\":\"0D85EBF5-35FF-4F02-87AB-16FF644D11F3\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36D96259-24BD-44E2-96D9-78CE1D41F956\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:cloud_insights_telegraf_agent:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DAE7369-EEC5-405E-9D13-858335FDA647\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:trident:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D9A34F5-AC03-4098-A37D-AD50727DDB11\"}]}]}],\"references\":[{\"url\":\"https://groups.google.com/g/golang-nuts/c/c-ssaaS7RMI\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/rd02e75766cd333a0df417588460f5e4477060633000bfe94955851fd%40%3Cissues.trafficcontrol.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2W4COUPL3YVTZ6RTEIT6LPBDJUFF3VSP/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3ZSHGNTJWCWYAKY5OLZS2XQQYHSXSUO/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20201202-0004/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.arista.com/en/support/advisories-notices/security-advisories/12166-security-advisory-62\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://groups.google.com/g/golang-nuts/c/c-ssaaS7RMI\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/rd02e75766cd333a0df417588460f5e4477060633000bfe94955851fd%40%3Cissues.trafficcontrol.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2W4COUPL3YVTZ6RTEIT6LPBDJUFF3VSP/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3ZSHGNTJWCWYAKY5OLZS2XQQYHSXSUO/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20201202-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.arista.com/en/support/advisories-notices/security-advisories/12166-security-advisory-62\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
RHSA-2021:0956
Vulnerability from csaf_redhat - Published: 2021-03-30 16:48 - Updated: 2026-04-30 16:09Summary
Red Hat Security Advisory: OpenShift Container Platform 4.6.23 security update
Severity
Low
Notes
Topic: Red Hat OpenShift Container Platform release 4.6.23 is now available with
updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: ed Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container
Platform 4.6.23. See the following advisory for the container images for
this release:
https://access.redhat.com/errata/RHBA-2021:0952
All OpenShift Container Platform 4.6 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available
at
https://docs.openshift.com/container-platform/4.6/updating/updating-cluster
-between-minor.html#understanding-upgrade-channels_updating-cluster-between
-minor.
Security Fix(es):
* golang: data race in certain net/http servers including ReverseProxy can lead to DoS (CVE-2020-15586)
* golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (CVE-2020-16845)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found Go's net/http package. Servers using ReverseProxy from net/http in the Go standard library are vulnerable to a data race that results in a denial of service. The highest threat from this vulnerability is to system availability.
5.9 (Medium)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.6:openshift-eventrouter-0:0.2-6.git7c289cc.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.6:openshift-eventrouter-0:0.2-6.git7c289cc.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.6:openshift-eventrouter-0:0.2-6.git7c289cc.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.6:openshift-eventrouter-0:0.2-6.git7c289cc.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.6:openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.6:openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.6:openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.6:openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.6:openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.6:openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.x86_64 | — |
Vendor Fix
fix
|
Known not affected
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202103210832.p0.git.94284.834ccc7.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el7.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.6:openshift-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch | — |
Threats
Impact
Low
A flaw was found in the Go encoding/binary package. Certain invalid inputs to the ReadUvarint or the ReadVarint causes those functions to read an unlimited number of bytes from the ByteReader argument before returning an error. This flaw possibly leads to processing more input than expected. The highest threat from this vulnerability is to system availability.
7.5 (High)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.6:openshift-eventrouter-0:0.2-6.git7c289cc.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.6:openshift-eventrouter-0:0.2-6.git7c289cc.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.6:openshift-eventrouter-0:0.2-6.git7c289cc.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.6:openshift-eventrouter-0:0.2-6.git7c289cc.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.6:openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.6:openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.6:openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.6:openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.6:openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.6:openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.x86_64 | — |
Vendor Fix
fix
|
Known not affected
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202103210832.p0.git.94284.834ccc7.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el7.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.6:openshift-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch | — |
Threats
Impact
Low
A flaw was found in the math/big package of Go's standard library that causes a denial of service. Applications written in Go that use math/big via cryptographic packages, including crypto/rsa and crypto/x509, are vulnerable and can potentially cause panic via a crafted certificate chain. The highest threat from this vulnerability is to system availability.
7.5 (High)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.6:openshift-eventrouter-0:0.2-6.git7c289cc.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.6:openshift-eventrouter-0:0.2-6.git7c289cc.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.6:openshift-eventrouter-0:0.2-6.git7c289cc.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.6:openshift-eventrouter-0:0.2-6.git7c289cc.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.6:openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.6:openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.6:openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.6:openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.6:openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.6:openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.x86_64 | — |
Vendor Fix
fix
|
Known not affected
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202103210832.p0.git.94284.834ccc7.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el7.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.6:openshift-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch | — |
Threats
Impact
Moderate
References
20 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.6.23 is now available with\nupdates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "ed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.6.23. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:0952\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n-between-minor.html#understanding-upgrade-channels_updating-cluster-between\n-minor.\n\nSecurity Fix(es):\n\n* golang: data race in certain net/http servers including ReverseProxy can lead to DoS (CVE-2020-15586)\n\n* golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (CVE-2020-16845)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:0956",
"url": "https://access.redhat.com/errata/RHSA-2021:0956"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#low",
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"category": "external",
"summary": "1856953",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1856953"
},
{
"category": "external",
"summary": "1867099",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1867099"
},
{
"category": "external",
"summary": "1941433",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941433"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0956.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.6.23 security update",
"tracking": {
"current_release_date": "2026-04-30T16:09:22+00:00",
"generator": {
"date": "2026-04-30T16:09:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHSA-2021:0956",
"initial_release_date": "2021-03-30T16:48:30+00:00",
"revision_history": [
{
"date": "2021-03-30T16:48:30+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-03-30T16:48:30+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-30T16:09:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.6",
"product": {
"name": "Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.6::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.6",
"product": {
"name": "Red Hat OpenShift Container Platform 4.6",
"product_id": "7Server-RH7-RHOSE-4.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.6::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.src",
"product": {
"name": "openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.src",
"product_id": "openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.6.0-202103200039.p0.git.3841.3e951a5.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-kuryr-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.src",
"product": {
"name": "openshift-kuryr-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.src",
"product_id": "openshift-kuryr-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-kuryr@4.6.0-202103192141.p0.git.2234.cba9525.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.src",
"product": {
"name": "openshift-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.src",
"product_id": "openshift-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift@4.6.0-202103210832.p0.git.94284.834ccc7.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-eventrouter-0:0.2-6.git7c289cc.el8.src",
"product": {
"name": "openshift-eventrouter-0:0.2-6.git7c289cc.el8.src",
"product_id": "openshift-eventrouter-0:0.2-6.git7c289cc.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-eventrouter@0.2-6.git7c289cc.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-0:4.6.0-202103210832.p0.git.94284.834ccc7.el7.src",
"product": {
"name": "openshift-0:4.6.0-202103210832.p0.git.94284.834ccc7.el7.src",
"product_id": "openshift-0:4.6.0-202103210832.p0.git.94284.834ccc7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift@4.6.0-202103210832.p0.git.94284.834ccc7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.src",
"product": {
"name": "openshift-ansible-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.src",
"product_id": "openshift-ansible-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible@4.6.0-202103192141.p0.git.0.d1b612b.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.src",
"product": {
"name": "openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.src",
"product_id": "openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.6.0-202103200039.p0.git.3841.3e951a5.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.x86_64",
"product": {
"name": "openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.x86_64",
"product_id": "openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.6.0-202103200039.p0.git.3841.3e951a5.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-redistributable-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.x86_64",
"product": {
"name": "openshift-clients-redistributable-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.x86_64",
"product_id": "openshift-clients-redistributable-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients-redistributable@4.6.0-202103200039.p0.git.3841.3e951a5.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.x86_64",
"product": {
"name": "openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.x86_64",
"product_id": "openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.6.0-202103210832.p0.git.94284.834ccc7.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-eventrouter-0:0.2-6.git7c289cc.el8.x86_64",
"product": {
"name": "openshift-eventrouter-0:0.2-6.git7c289cc.el8.x86_64",
"product_id": "openshift-eventrouter-0:0.2-6.git7c289cc.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-eventrouter@0.2-6.git7c289cc.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.x86_64",
"product": {
"name": "openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.x86_64",
"product_id": "openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-eventrouter-debugsource@0.2-6.git7c289cc.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.x86_64",
"product": {
"name": "openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.x86_64",
"product_id": "openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-eventrouter-debuginfo@0.2-6.git7c289cc.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el7.x86_64",
"product": {
"name": "openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el7.x86_64",
"product_id": "openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.6.0-202103210832.p0.git.94284.834ccc7.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.x86_64",
"product": {
"name": "openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.x86_64",
"product_id": "openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.6.0-202103200039.p0.git.3841.3e951a5.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-redistributable-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.x86_64",
"product": {
"name": "openshift-clients-redistributable-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.x86_64",
"product_id": "openshift-clients-redistributable-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients-redistributable@4.6.0-202103200039.p0.git.3841.3e951a5.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.ppc64le",
"product": {
"name": "openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.ppc64le",
"product_id": "openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.6.0-202103200039.p0.git.3841.3e951a5.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.ppc64le",
"product": {
"name": "openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.ppc64le",
"product_id": "openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.6.0-202103210832.p0.git.94284.834ccc7.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openshift-eventrouter-0:0.2-6.git7c289cc.el8.ppc64le",
"product": {
"name": "openshift-eventrouter-0:0.2-6.git7c289cc.el8.ppc64le",
"product_id": "openshift-eventrouter-0:0.2-6.git7c289cc.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-eventrouter@0.2-6.git7c289cc.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.ppc64le",
"product": {
"name": "openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.ppc64le",
"product_id": "openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-eventrouter-debugsource@0.2-6.git7c289cc.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.ppc64le",
"product": {
"name": "openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.ppc64le",
"product_id": "openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-eventrouter-debuginfo@0.2-6.git7c289cc.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.s390x",
"product": {
"name": "openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.s390x",
"product_id": "openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.6.0-202103200039.p0.git.3841.3e951a5.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.s390x",
"product": {
"name": "openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.s390x",
"product_id": "openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.6.0-202103210832.p0.git.94284.834ccc7.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openshift-eventrouter-0:0.2-6.git7c289cc.el8.s390x",
"product": {
"name": "openshift-eventrouter-0:0.2-6.git7c289cc.el8.s390x",
"product_id": "openshift-eventrouter-0:0.2-6.git7c289cc.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-eventrouter@0.2-6.git7c289cc.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.s390x",
"product": {
"name": "openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.s390x",
"product_id": "openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-eventrouter-debugsource@0.2-6.git7c289cc.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.s390x",
"product": {
"name": "openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.s390x",
"product_id": "openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-eventrouter-debuginfo@0.2-6.git7c289cc.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-kuryr-cni-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch",
"product": {
"name": "openshift-kuryr-cni-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch",
"product_id": "openshift-kuryr-cni-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-kuryr-cni@4.6.0-202103192141.p0.git.2234.cba9525.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-kuryr-common-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch",
"product": {
"name": "openshift-kuryr-common-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch",
"product_id": "openshift-kuryr-common-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-kuryr-common@4.6.0-202103192141.p0.git.2234.cba9525.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-kuryr-controller-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch",
"product": {
"name": "openshift-kuryr-controller-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch",
"product_id": "openshift-kuryr-controller-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-kuryr-controller@4.6.0-202103192141.p0.git.2234.cba9525.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-kuryr-kubernetes-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch",
"product": {
"name": "python3-kuryr-kubernetes-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch",
"product_id": "python3-kuryr-kubernetes-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-kuryr-kubernetes@4.6.0-202103192141.p0.git.2234.cba9525.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.noarch",
"product": {
"name": "openshift-ansible-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.noarch",
"product_id": "openshift-ansible-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible@4.6.0-202103192141.p0.git.0.d1b612b.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-test-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.noarch",
"product": {
"name": "openshift-ansible-test-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.noarch",
"product_id": "openshift-ansible-test-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-test@4.6.0-202103192141.p0.git.0.d1b612b.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-0:4.6.0-202103210832.p0.git.94284.834ccc7.el7.src as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202103210832.p0.git.94284.834ccc7.el7.src"
},
"product_reference": "openshift-0:4.6.0-202103210832.p0.git.94284.834ccc7.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.noarch as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.noarch"
},
"product_reference": "openshift-ansible-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.src as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.src"
},
"product_reference": "openshift-ansible-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-test-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.noarch as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.noarch"
},
"product_reference": "openshift-ansible-test-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.src as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.src"
},
"product_reference": "openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.x86_64"
},
"product_reference": "openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-redistributable-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.x86_64"
},
"product_reference": "openshift-clients-redistributable-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el7.x86_64"
},
"product_reference": "openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.src as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.src"
},
"product_reference": "openshift-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.ppc64le"
},
"product_reference": "openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.s390x as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.s390x"
},
"product_reference": "openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.src as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.src"
},
"product_reference": "openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.x86_64"
},
"product_reference": "openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-redistributable-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.x86_64"
},
"product_reference": "openshift-clients-redistributable-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-eventrouter-0:0.2-6.git7c289cc.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift-eventrouter-0:0.2-6.git7c289cc.el8.ppc64le"
},
"product_reference": "openshift-eventrouter-0:0.2-6.git7c289cc.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-eventrouter-0:0.2-6.git7c289cc.el8.s390x as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift-eventrouter-0:0.2-6.git7c289cc.el8.s390x"
},
"product_reference": "openshift-eventrouter-0:0.2-6.git7c289cc.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-eventrouter-0:0.2-6.git7c289cc.el8.src as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift-eventrouter-0:0.2-6.git7c289cc.el8.src"
},
"product_reference": "openshift-eventrouter-0:0.2-6.git7c289cc.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-eventrouter-0:0.2-6.git7c289cc.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift-eventrouter-0:0.2-6.git7c289cc.el8.x86_64"
},
"product_reference": "openshift-eventrouter-0:0.2-6.git7c289cc.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.ppc64le"
},
"product_reference": "openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.s390x as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.s390x"
},
"product_reference": "openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.x86_64"
},
"product_reference": "openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.ppc64le"
},
"product_reference": "openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.s390x as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.s390x"
},
"product_reference": "openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.x86_64"
},
"product_reference": "openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.ppc64le"
},
"product_reference": "openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.s390x as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.s390x"
},
"product_reference": "openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.x86_64"
},
"product_reference": "openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-kuryr-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.src as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.src"
},
"product_reference": "openshift-kuryr-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-kuryr-cni-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch"
},
"product_reference": "openshift-kuryr-cni-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-kuryr-common-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch"
},
"product_reference": "openshift-kuryr-common-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-kuryr-controller-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch"
},
"product_reference": "openshift-kuryr-controller-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-kuryr-kubernetes-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch"
},
"product_reference": "python3-kuryr-kubernetes-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-4.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-15586",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"discovery_date": "2020-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202103210832.p0.git.94284.834ccc7.el7.src",
"7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.noarch",
"7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.src",
"7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.noarch",
"7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.src",
"7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.x86_64",
"7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.x86_64",
"7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el7.x86_64",
"8Base-RHOSE-4.6:openshift-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.src",
"8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.ppc64le",
"8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.s390x",
"8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.src",
"8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.x86_64",
"8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.x86_64",
"8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.ppc64le",
"8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.s390x",
"8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.x86_64",
"8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.src",
"8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch",
"8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch",
"8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch",
"8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1856953"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found Go\u0027s net/http package. Servers using ReverseProxy from net/http in the Go standard library are vulnerable to a data race that results in a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: data race in certain net/http servers including ReverseProxy can lead to DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP) components are primarily written in Go, meaning that any component using the net/http package includes the vulnerable code. OCP server endpoints using ReverseProxy are protected by authentication, reducing the severity of this vulnerability to Low for OCP.\n\nSimilar to OCP, OpenShift ServiceMesh (OSSM), RedHat OpenShift Jaeger (RHOSJ) and OpenShift Virtualization are also primarily written in Go and are protected via authentication, reducing the severity of this vulnerability to Low.\n\nRed Hat Gluster Storage 3 and Red Hat Openshift Container Storage 4 components are built with the affected version of Go, however the vulnerable functionality is currently not used by these products and hence this issue has been rated as having a security impact of Low.\n\nRed Hat Ceph Storage 3 and 4 components are built with the affected version of Go, however the vulnerable functionality is currently not used by these products and hence this issue has been rated as having a security impact of Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.6:openshift-eventrouter-0:0.2-6.git7c289cc.el8.ppc64le",
"8Base-RHOSE-4.6:openshift-eventrouter-0:0.2-6.git7c289cc.el8.s390x",
"8Base-RHOSE-4.6:openshift-eventrouter-0:0.2-6.git7c289cc.el8.src",
"8Base-RHOSE-4.6:openshift-eventrouter-0:0.2-6.git7c289cc.el8.x86_64",
"8Base-RHOSE-4.6:openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.ppc64le",
"8Base-RHOSE-4.6:openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.s390x",
"8Base-RHOSE-4.6:openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.x86_64",
"8Base-RHOSE-4.6:openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.ppc64le",
"8Base-RHOSE-4.6:openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.s390x",
"8Base-RHOSE-4.6:openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.x86_64"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202103210832.p0.git.94284.834ccc7.el7.src",
"7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.noarch",
"7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.src",
"7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.noarch",
"7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.src",
"7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.x86_64",
"7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.x86_64",
"7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el7.x86_64",
"8Base-RHOSE-4.6:openshift-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.src",
"8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.ppc64le",
"8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.s390x",
"8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.src",
"8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.x86_64",
"8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.x86_64",
"8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.ppc64le",
"8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.s390x",
"8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.x86_64",
"8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.src",
"8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch",
"8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch",
"8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch",
"8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-15586"
},
{
"category": "external",
"summary": "RHBZ#1856953",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1856953"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-15586",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15586"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-15586",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15586"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/XZNfaiwgt2w/m/E6gHDs32AQAJ",
"url": "https://groups.google.com/g/golang-announce/c/XZNfaiwgt2w/m/E6gHDs32AQAJ"
}
],
"release_date": "2020-07-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-03-30T16:48:30+00:00",
"details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.",
"product_ids": [
"8Base-RHOSE-4.6:openshift-eventrouter-0:0.2-6.git7c289cc.el8.ppc64le",
"8Base-RHOSE-4.6:openshift-eventrouter-0:0.2-6.git7c289cc.el8.s390x",
"8Base-RHOSE-4.6:openshift-eventrouter-0:0.2-6.git7c289cc.el8.src",
"8Base-RHOSE-4.6:openshift-eventrouter-0:0.2-6.git7c289cc.el8.x86_64",
"8Base-RHOSE-4.6:openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.ppc64le",
"8Base-RHOSE-4.6:openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.s390x",
"8Base-RHOSE-4.6:openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.x86_64",
"8Base-RHOSE-4.6:openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.ppc64le",
"8Base-RHOSE-4.6:openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.s390x",
"8Base-RHOSE-4.6:openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0956"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202103210832.p0.git.94284.834ccc7.el7.src",
"7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.noarch",
"7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.src",
"7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.noarch",
"7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.src",
"7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.x86_64",
"7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.x86_64",
"7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el7.x86_64",
"8Base-RHOSE-4.6:openshift-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.src",
"8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.ppc64le",
"8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.s390x",
"8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.src",
"8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.x86_64",
"8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.x86_64",
"8Base-RHOSE-4.6:openshift-eventrouter-0:0.2-6.git7c289cc.el8.ppc64le",
"8Base-RHOSE-4.6:openshift-eventrouter-0:0.2-6.git7c289cc.el8.s390x",
"8Base-RHOSE-4.6:openshift-eventrouter-0:0.2-6.git7c289cc.el8.src",
"8Base-RHOSE-4.6:openshift-eventrouter-0:0.2-6.git7c289cc.el8.x86_64",
"8Base-RHOSE-4.6:openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.ppc64le",
"8Base-RHOSE-4.6:openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.s390x",
"8Base-RHOSE-4.6:openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.x86_64",
"8Base-RHOSE-4.6:openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.ppc64le",
"8Base-RHOSE-4.6:openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.s390x",
"8Base-RHOSE-4.6:openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.x86_64",
"8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.ppc64le",
"8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.s390x",
"8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.x86_64",
"8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.src",
"8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch",
"8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch",
"8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch",
"8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: data race in certain net/http servers including ReverseProxy can lead to DoS"
},
{
"cve": "CVE-2020-16845",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2020-08-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202103210832.p0.git.94284.834ccc7.el7.src",
"7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.noarch",
"7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.src",
"7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.noarch",
"7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.src",
"7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.x86_64",
"7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.x86_64",
"7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el7.x86_64",
"8Base-RHOSE-4.6:openshift-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.src",
"8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.ppc64le",
"8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.s390x",
"8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.src",
"8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.x86_64",
"8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.x86_64",
"8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.ppc64le",
"8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.s390x",
"8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.x86_64",
"8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.src",
"8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch",
"8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch",
"8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch",
"8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1867099"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go encoding/binary package. Certain invalid inputs to the ReadUvarint or the ReadVarint causes those functions to read an unlimited number of bytes from the ByteReader argument before returning an error. This flaw possibly leads to processing more input than expected. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP), OpenShift ServiceMesh (OSSM), RedHat OpenShift Jaeger (RHOSJ) and OpenShift Virtualization components are primarily written in Go, meaning that any component using the encoding/binary package includes the vulnerable code. The affected components are behind OpenShift OAuth authentication, therefore the impact is low.\n\nRed Hat Gluster Storage 3, Red Hat OpenShift Container Storage 4 and Red Hat Ceph Storage (3 and 4) components are built with the affected version of Go, however the vulnerable functionality is currently not used by these products and hence this issue has been rated as having a security impact of Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.6:openshift-eventrouter-0:0.2-6.git7c289cc.el8.ppc64le",
"8Base-RHOSE-4.6:openshift-eventrouter-0:0.2-6.git7c289cc.el8.s390x",
"8Base-RHOSE-4.6:openshift-eventrouter-0:0.2-6.git7c289cc.el8.src",
"8Base-RHOSE-4.6:openshift-eventrouter-0:0.2-6.git7c289cc.el8.x86_64",
"8Base-RHOSE-4.6:openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.ppc64le",
"8Base-RHOSE-4.6:openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.s390x",
"8Base-RHOSE-4.6:openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.x86_64",
"8Base-RHOSE-4.6:openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.ppc64le",
"8Base-RHOSE-4.6:openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.s390x",
"8Base-RHOSE-4.6:openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.x86_64"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202103210832.p0.git.94284.834ccc7.el7.src",
"7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.noarch",
"7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.src",
"7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.noarch",
"7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.src",
"7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.x86_64",
"7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.x86_64",
"7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el7.x86_64",
"8Base-RHOSE-4.6:openshift-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.src",
"8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.ppc64le",
"8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.s390x",
"8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.src",
"8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.x86_64",
"8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.x86_64",
"8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.ppc64le",
"8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.s390x",
"8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.x86_64",
"8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.src",
"8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch",
"8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch",
"8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch",
"8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-16845"
},
{
"category": "external",
"summary": "RHBZ#1867099",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1867099"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-16845",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16845"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-16845",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16845"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/NyPIaucMgXo",
"url": "https://groups.google.com/g/golang-announce/c/NyPIaucMgXo"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-03-30T16:48:30+00:00",
"details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.",
"product_ids": [
"8Base-RHOSE-4.6:openshift-eventrouter-0:0.2-6.git7c289cc.el8.ppc64le",
"8Base-RHOSE-4.6:openshift-eventrouter-0:0.2-6.git7c289cc.el8.s390x",
"8Base-RHOSE-4.6:openshift-eventrouter-0:0.2-6.git7c289cc.el8.src",
"8Base-RHOSE-4.6:openshift-eventrouter-0:0.2-6.git7c289cc.el8.x86_64",
"8Base-RHOSE-4.6:openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.ppc64le",
"8Base-RHOSE-4.6:openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.s390x",
"8Base-RHOSE-4.6:openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.x86_64",
"8Base-RHOSE-4.6:openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.ppc64le",
"8Base-RHOSE-4.6:openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.s390x",
"8Base-RHOSE-4.6:openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0956"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202103210832.p0.git.94284.834ccc7.el7.src",
"7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.noarch",
"7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.src",
"7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.noarch",
"7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.src",
"7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.x86_64",
"7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.x86_64",
"7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el7.x86_64",
"8Base-RHOSE-4.6:openshift-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.src",
"8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.ppc64le",
"8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.s390x",
"8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.src",
"8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.x86_64",
"8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.x86_64",
"8Base-RHOSE-4.6:openshift-eventrouter-0:0.2-6.git7c289cc.el8.ppc64le",
"8Base-RHOSE-4.6:openshift-eventrouter-0:0.2-6.git7c289cc.el8.s390x",
"8Base-RHOSE-4.6:openshift-eventrouter-0:0.2-6.git7c289cc.el8.src",
"8Base-RHOSE-4.6:openshift-eventrouter-0:0.2-6.git7c289cc.el8.x86_64",
"8Base-RHOSE-4.6:openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.ppc64le",
"8Base-RHOSE-4.6:openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.s390x",
"8Base-RHOSE-4.6:openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.x86_64",
"8Base-RHOSE-4.6:openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.ppc64le",
"8Base-RHOSE-4.6:openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.s390x",
"8Base-RHOSE-4.6:openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.x86_64",
"8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.ppc64le",
"8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.s390x",
"8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.x86_64",
"8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.src",
"8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch",
"8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch",
"8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch",
"8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs"
},
{
"cve": "CVE-2020-28362",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2020-11-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202103210832.p0.git.94284.834ccc7.el7.src",
"7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.noarch",
"7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.src",
"7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.noarch",
"7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.src",
"7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.x86_64",
"7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.x86_64",
"7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el7.x86_64",
"8Base-RHOSE-4.6:openshift-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.src",
"8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.ppc64le",
"8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.s390x",
"8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.src",
"8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.x86_64",
"8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.x86_64",
"8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.ppc64le",
"8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.s390x",
"8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.x86_64",
"8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.src",
"8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch",
"8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch",
"8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch",
"8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1897635"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the math/big package of Go\u0027s standard library that causes a denial of service. Applications written in Go that use math/big via cryptographic packages, including crypto/rsa and crypto/x509, are vulnerable and can potentially cause panic via a crafted certificate chain. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: math/big: panic during recursive division of very large numbers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift ServiceMesh (OSSM) 1.1 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities because it is now in the Maintenance Phase of the support.\nOpenshift Virtualization 1 (formerly Container Native Virtualization) is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities.\n\nRed Hat Gluster Storage 3 shipped multi-cloud-object-gateway-cli and noobaa-operator container as a technical preview and is not currently planned to be addressed in future updates.\n\nOpenShift Container Platform (OCP) 4.5 and earlier are built with Go versions earlier than 1.14, which are not affected by this vulnerability. OCP 4.6 is built with Go 1.15 and is affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.6:openshift-eventrouter-0:0.2-6.git7c289cc.el8.ppc64le",
"8Base-RHOSE-4.6:openshift-eventrouter-0:0.2-6.git7c289cc.el8.s390x",
"8Base-RHOSE-4.6:openshift-eventrouter-0:0.2-6.git7c289cc.el8.src",
"8Base-RHOSE-4.6:openshift-eventrouter-0:0.2-6.git7c289cc.el8.x86_64",
"8Base-RHOSE-4.6:openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.ppc64le",
"8Base-RHOSE-4.6:openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.s390x",
"8Base-RHOSE-4.6:openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.x86_64",
"8Base-RHOSE-4.6:openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.ppc64le",
"8Base-RHOSE-4.6:openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.s390x",
"8Base-RHOSE-4.6:openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.x86_64"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202103210832.p0.git.94284.834ccc7.el7.src",
"7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.noarch",
"7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.src",
"7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.noarch",
"7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.src",
"7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.x86_64",
"7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.x86_64",
"7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el7.x86_64",
"8Base-RHOSE-4.6:openshift-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.src",
"8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.ppc64le",
"8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.s390x",
"8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.src",
"8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.x86_64",
"8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.x86_64",
"8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.ppc64le",
"8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.s390x",
"8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.x86_64",
"8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.src",
"8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch",
"8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch",
"8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch",
"8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-28362"
},
{
"category": "external",
"summary": "RHBZ#1897635",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1897635"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-28362",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28362"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28362",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28362"
}
],
"release_date": "2020-11-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-03-30T16:48:30+00:00",
"details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.",
"product_ids": [
"8Base-RHOSE-4.6:openshift-eventrouter-0:0.2-6.git7c289cc.el8.ppc64le",
"8Base-RHOSE-4.6:openshift-eventrouter-0:0.2-6.git7c289cc.el8.s390x",
"8Base-RHOSE-4.6:openshift-eventrouter-0:0.2-6.git7c289cc.el8.src",
"8Base-RHOSE-4.6:openshift-eventrouter-0:0.2-6.git7c289cc.el8.x86_64",
"8Base-RHOSE-4.6:openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.ppc64le",
"8Base-RHOSE-4.6:openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.s390x",
"8Base-RHOSE-4.6:openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.x86_64",
"8Base-RHOSE-4.6:openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.ppc64le",
"8Base-RHOSE-4.6:openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.s390x",
"8Base-RHOSE-4.6:openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0956"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202103210832.p0.git.94284.834ccc7.el7.src",
"7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.noarch",
"7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.src",
"7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202103192141.p0.git.0.d1b612b.el7.noarch",
"7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.src",
"7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.x86_64",
"7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202103200039.p0.git.3841.3e951a5.el7.x86_64",
"7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el7.x86_64",
"8Base-RHOSE-4.6:openshift-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.src",
"8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.ppc64le",
"8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.s390x",
"8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.src",
"8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.x86_64",
"8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202103200039.p0.git.3841.3e951a5.el8.x86_64",
"8Base-RHOSE-4.6:openshift-eventrouter-0:0.2-6.git7c289cc.el8.ppc64le",
"8Base-RHOSE-4.6:openshift-eventrouter-0:0.2-6.git7c289cc.el8.s390x",
"8Base-RHOSE-4.6:openshift-eventrouter-0:0.2-6.git7c289cc.el8.src",
"8Base-RHOSE-4.6:openshift-eventrouter-0:0.2-6.git7c289cc.el8.x86_64",
"8Base-RHOSE-4.6:openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.ppc64le",
"8Base-RHOSE-4.6:openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.s390x",
"8Base-RHOSE-4.6:openshift-eventrouter-debuginfo-0:0.2-6.git7c289cc.el8.x86_64",
"8Base-RHOSE-4.6:openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.ppc64le",
"8Base-RHOSE-4.6:openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.s390x",
"8Base-RHOSE-4.6:openshift-eventrouter-debugsource-0:0.2-6.git7c289cc.el8.x86_64",
"8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.ppc64le",
"8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.s390x",
"8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202103210832.p0.git.94284.834ccc7.el8.x86_64",
"8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.src",
"8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch",
"8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch",
"8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch",
"8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: math/big: panic during recursive division of very large numbers"
}
]
}
RHSA-2021:1366
Vulnerability from csaf_redhat - Published: 2021-05-04 19:34 - Updated: 2026-04-30 16:09Summary
Red Hat Security Advisory: OpenShift Container Platform 4.7.9 packages and security update
Severity
Moderate
Notes
Topic: Red Hat OpenShift Container Platform release 4.7.9 is now available with
updates to packages and images that fix several bugs.
This release includes a security update for Red Hat OpenShift Container Platform 4.7.9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container
Platform 4.7.9. See the following advisory for the container images for
this release:
https://access.redhat.com/errata/RHSA-2021:1365
All OpenShift Container Platform 4.7 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available
at
https://docs.openshift.com/container-platform/4.7/updating/updating-cluster
-between-minor.html#understanding-upgrade-channels_updating-cluster-between
-minor
Security Fix(es):
* golang: data race in certain net/http servers including ReverseProxy can lead to DoS (CVE-2020-15586)
* golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (CVE-2020-16845)
* golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)
* golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found Go's net/http package. Servers using ReverseProxy from net/http in the Go standard library are vulnerable to a data race that results in a denial of service. The highest threat from this vulnerability is to system availability.
5.9 (Medium)
Affected products
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:prometheus-promu-0:0.5.0-3.git642a960.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:prometheus-promu-0:0.5.0-3.git642a960.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:prometheus-promu-0:0.5.0-3.git642a960.el8.x86_64 | — |
Vendor Fix
fix
|
Known not affected
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202104250659.p0.git.7d0a2b2.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202104250659.p0.git.e1b19c2.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202104250659.p0.git.e1b19c2.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202104250659.p0.git.e1b19c2.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202104250659.p0.git.95881af.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el7.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202104250659.p0.git.95881af.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202104250659.p0.git.d49acc4.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch | — |
Threats
Impact
Low
A flaw was found in the Go encoding/binary package. Certain invalid inputs to the ReadUvarint or the ReadVarint causes those functions to read an unlimited number of bytes from the ByteReader argument before returning an error. This flaw possibly leads to processing more input than expected. The highest threat from this vulnerability is to system availability.
7.5 (High)
Affected products
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:prometheus-promu-0:0.5.0-3.git642a960.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:prometheus-promu-0:0.5.0-3.git642a960.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:prometheus-promu-0:0.5.0-3.git642a960.el8.x86_64 | — |
Vendor Fix
fix
|
Known not affected
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202104250659.p0.git.7d0a2b2.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202104250659.p0.git.e1b19c2.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202104250659.p0.git.e1b19c2.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202104250659.p0.git.e1b19c2.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202104250659.p0.git.95881af.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el7.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202104250659.p0.git.95881af.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202104250659.p0.git.d49acc4.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch | — |
Threats
Impact
Low
A flaw was found in the math/big package of Go's standard library that causes a denial of service. Applications written in Go that use math/big via cryptographic packages, including crypto/rsa and crypto/x509, are vulnerable and can potentially cause panic via a crafted certificate chain. The highest threat from this vulnerability is to system availability.
7.5 (High)
Affected products
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:prometheus-promu-0:0.5.0-3.git642a960.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:prometheus-promu-0:0.5.0-3.git642a960.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:prometheus-promu-0:0.5.0-3.git642a960.el8.x86_64 | — |
Vendor Fix
fix
|
Known not affected
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202104250659.p0.git.7d0a2b2.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202104250659.p0.git.e1b19c2.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202104250659.p0.git.e1b19c2.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202104250659.p0.git.e1b19c2.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202104250659.p0.git.95881af.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el7.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202104250659.p0.git.95881af.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202104250659.p0.git.d49acc4.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch | — |
Threats
Impact
Moderate
A flaw detected in golang: crypto/elliptic, in which P-224 keys as generated can return incorrect inputs, reducing the strength of the cryptography. The highest threat from this vulnerability is confidentiality and integrity.
6.5 (Medium)
Affected products
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:prometheus-promu-0:0.5.0-3.git642a960.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:prometheus-promu-0:0.5.0-3.git642a960.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:prometheus-promu-0:0.5.0-3.git642a960.el8.x86_64 | — |
Vendor Fix
fix
|
Known not affected
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202104250659.p0.git.7d0a2b2.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202104250659.p0.git.e1b19c2.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202104250659.p0.git.e1b19c2.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202104250659.p0.git.e1b19c2.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202104250659.p0.git.95881af.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el7.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202104250659.p0.git.95881af.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202104250659.p0.git.d49acc4.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch | — |
Threats
Impact
Moderate
References
27 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.7.9 is now available with\nupdates to packages and images that fix several bugs.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.7.9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.7.9. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHSA-2021:1365\n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n-between-minor.html#understanding-upgrade-channels_updating-cluster-between\n-minor\n\nSecurity Fix(es):\n\n* golang: data race in certain net/http servers including ReverseProxy can lead to DoS (CVE-2020-15586)\n\n* golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (CVE-2020-16845)\n\n* golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)\n\n* golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:1366",
"url": "https://access.redhat.com/errata/RHSA-2021:1366"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1856953",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1856953"
},
{
"category": "external",
"summary": "1867099",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1867099"
},
{
"category": "external",
"summary": "1897635",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1897635"
},
{
"category": "external",
"summary": "1918750",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1918750"
},
{
"category": "external",
"summary": "1953464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1953464"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_1366.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.7.9 packages and security update",
"tracking": {
"current_release_date": "2026-04-30T16:09:25+00:00",
"generator": {
"date": "2026-04-30T16:09:25+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHSA-2021:1366",
"initial_release_date": "2021-05-04T19:34:17+00:00",
"revision_history": [
{
"date": "2021-05-04T19:34:17+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-05-04T19:34:17+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-30T16:09:25+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.7",
"product": {
"name": "Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.7::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.7",
"product": {
"name": "Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.7::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-0:4.7.0-202104250659.p0.git.7d0a2b2.el7.src",
"product": {
"name": "openshift-0:4.7.0-202104250659.p0.git.7d0a2b2.el7.src",
"product_id": "openshift-0:4.7.0-202104250659.p0.git.7d0a2b2.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift@4.7.0-202104250659.p0.git.7d0a2b2.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el7.src",
"product": {
"name": "openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el7.src",
"product_id": "openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.7.0-202104250659.p0.git.95881af.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-0:4.7.0-202104250659.p0.git.e1b19c2.el7.src",
"product": {
"name": "openshift-ansible-0:4.7.0-202104250659.p0.git.e1b19c2.el7.src",
"product_id": "openshift-ansible-0:4.7.0-202104250659.p0.git.e1b19c2.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible@4.7.0-202104250659.p0.git.e1b19c2.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.src",
"product": {
"name": "openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.src",
"product_id": "openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.7.0-202104250659.p0.git.95881af.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.src",
"product": {
"name": "openshift-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.src",
"product_id": "openshift-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift@4.7.0-202104250659.p0.git.7d0a2b2.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-kuryr-0:4.7.0-202104250659.p0.git.d49acc4.el8.src",
"product": {
"name": "openshift-kuryr-0:4.7.0-202104250659.p0.git.d49acc4.el8.src",
"product_id": "openshift-kuryr-0:4.7.0-202104250659.p0.git.d49acc4.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-kuryr@4.7.0-202104250659.p0.git.d49acc4.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.src",
"product": {
"name": "golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.src",
"product_id": "golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-github-prometheus-promu@0.5.0-3.git642a960.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.src",
"product": {
"name": "atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.src",
"product_id": "atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-service-idler@4.7.0-202104260636.p0.git.330c6ef.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el7.x86_64",
"product": {
"name": "openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el7.x86_64",
"product_id": "openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.7.0-202104250659.p0.git.7d0a2b2.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el7.x86_64",
"product": {
"name": "openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el7.x86_64",
"product_id": "openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.7.0-202104250659.p0.git.95881af.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-redistributable-0:4.7.0-202104250659.p0.git.95881af.el7.x86_64",
"product": {
"name": "openshift-clients-redistributable-0:4.7.0-202104250659.p0.git.95881af.el7.x86_64",
"product_id": "openshift-clients-redistributable-0:4.7.0-202104250659.p0.git.95881af.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients-redistributable@4.7.0-202104250659.p0.git.95881af.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.x86_64",
"product": {
"name": "openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.x86_64",
"product_id": "openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.7.0-202104250659.p0.git.95881af.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-redistributable-0:4.7.0-202104250659.p0.git.95881af.el8.x86_64",
"product": {
"name": "openshift-clients-redistributable-0:4.7.0-202104250659.p0.git.95881af.el8.x86_64",
"product_id": "openshift-clients-redistributable-0:4.7.0-202104250659.p0.git.95881af.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients-redistributable@4.7.0-202104250659.p0.git.95881af.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.x86_64",
"product": {
"name": "openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.x86_64",
"product_id": "openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.7.0-202104250659.p0.git.7d0a2b2.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.x86_64",
"product": {
"name": "golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.x86_64",
"product_id": "golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-github-prometheus-promu@0.5.0-3.git642a960.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "prometheus-promu-0:0.5.0-3.git642a960.el8.x86_64",
"product": {
"name": "prometheus-promu-0:0.5.0-3.git642a960.el8.x86_64",
"product_id": "prometheus-promu-0:0.5.0-3.git642a960.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/prometheus-promu@0.5.0-3.git642a960.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.x86_64",
"product": {
"name": "atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.x86_64",
"product_id": "atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-service-idler@4.7.0-202104260636.p0.git.330c6ef.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-ansible-0:4.7.0-202104250659.p0.git.e1b19c2.el7.noarch",
"product": {
"name": "openshift-ansible-0:4.7.0-202104250659.p0.git.e1b19c2.el7.noarch",
"product_id": "openshift-ansible-0:4.7.0-202104250659.p0.git.e1b19c2.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible@4.7.0-202104250659.p0.git.e1b19c2.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-test-0:4.7.0-202104250659.p0.git.e1b19c2.el7.noarch",
"product": {
"name": "openshift-ansible-test-0:4.7.0-202104250659.p0.git.e1b19c2.el7.noarch",
"product_id": "openshift-ansible-test-0:4.7.0-202104250659.p0.git.e1b19c2.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-test@4.7.0-202104250659.p0.git.e1b19c2.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-kuryr-cni-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch",
"product": {
"name": "openshift-kuryr-cni-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch",
"product_id": "openshift-kuryr-cni-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-kuryr-cni@4.7.0-202104250659.p0.git.d49acc4.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-kuryr-common-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch",
"product": {
"name": "openshift-kuryr-common-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch",
"product_id": "openshift-kuryr-common-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-kuryr-common@4.7.0-202104250659.p0.git.d49acc4.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-kuryr-controller-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch",
"product": {
"name": "openshift-kuryr-controller-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch",
"product_id": "openshift-kuryr-controller-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-kuryr-controller@4.7.0-202104250659.p0.git.d49acc4.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-kuryr-kubernetes-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch",
"product": {
"name": "python3-kuryr-kubernetes-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch",
"product_id": "python3-kuryr-kubernetes-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-kuryr-kubernetes@4.7.0-202104250659.p0.git.d49acc4.el8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.ppc64le",
"product": {
"name": "openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.ppc64le",
"product_id": "openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.7.0-202104250659.p0.git.95881af.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.ppc64le",
"product": {
"name": "openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.ppc64le",
"product_id": "openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.7.0-202104250659.p0.git.7d0a2b2.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.ppc64le",
"product": {
"name": "golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.ppc64le",
"product_id": "golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-github-prometheus-promu@0.5.0-3.git642a960.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "prometheus-promu-0:0.5.0-3.git642a960.el8.ppc64le",
"product": {
"name": "prometheus-promu-0:0.5.0-3.git642a960.el8.ppc64le",
"product_id": "prometheus-promu-0:0.5.0-3.git642a960.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/prometheus-promu@0.5.0-3.git642a960.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.ppc64le",
"product": {
"name": "atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.ppc64le",
"product_id": "atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-service-idler@4.7.0-202104260636.p0.git.330c6ef.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.s390x",
"product": {
"name": "openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.s390x",
"product_id": "openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.7.0-202104250659.p0.git.95881af.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.s390x",
"product": {
"name": "openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.s390x",
"product_id": "openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.7.0-202104250659.p0.git.7d0a2b2.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.s390x",
"product": {
"name": "golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.s390x",
"product_id": "golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-github-prometheus-promu@0.5.0-3.git642a960.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "prometheus-promu-0:0.5.0-3.git642a960.el8.s390x",
"product": {
"name": "prometheus-promu-0:0.5.0-3.git642a960.el8.s390x",
"product_id": "prometheus-promu-0:0.5.0-3.git642a960.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/prometheus-promu@0.5.0-3.git642a960.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.s390x",
"product": {
"name": "atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.s390x",
"product_id": "atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-service-idler@4.7.0-202104260636.p0.git.330c6ef.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-0:4.7.0-202104250659.p0.git.7d0a2b2.el7.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202104250659.p0.git.7d0a2b2.el7.src"
},
"product_reference": "openshift-0:4.7.0-202104250659.p0.git.7d0a2b2.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-0:4.7.0-202104250659.p0.git.e1b19c2.el7.noarch as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202104250659.p0.git.e1b19c2.el7.noarch"
},
"product_reference": "openshift-ansible-0:4.7.0-202104250659.p0.git.e1b19c2.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-0:4.7.0-202104250659.p0.git.e1b19c2.el7.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202104250659.p0.git.e1b19c2.el7.src"
},
"product_reference": "openshift-ansible-0:4.7.0-202104250659.p0.git.e1b19c2.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-test-0:4.7.0-202104250659.p0.git.e1b19c2.el7.noarch as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202104250659.p0.git.e1b19c2.el7.noarch"
},
"product_reference": "openshift-ansible-test-0:4.7.0-202104250659.p0.git.e1b19c2.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el7.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el7.src"
},
"product_reference": "openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el7.x86_64"
},
"product_reference": "openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-redistributable-0:4.7.0-202104250659.p0.git.95881af.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202104250659.p0.git.95881af.el7.x86_64"
},
"product_reference": "openshift-clients-redistributable-0:4.7.0-202104250659.p0.git.95881af.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el7.x86_64"
},
"product_reference": "openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.ppc64le"
},
"product_reference": "atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.s390x"
},
"product_reference": "atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.src"
},
"product_reference": "atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.x86_64"
},
"product_reference": "atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.ppc64le"
},
"product_reference": "golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.s390x"
},
"product_reference": "golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.src"
},
"product_reference": "golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.x86_64"
},
"product_reference": "golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.src"
},
"product_reference": "openshift-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.ppc64le"
},
"product_reference": "openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.s390x"
},
"product_reference": "openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.src"
},
"product_reference": "openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.x86_64"
},
"product_reference": "openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-redistributable-0:4.7.0-202104250659.p0.git.95881af.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202104250659.p0.git.95881af.el8.x86_64"
},
"product_reference": "openshift-clients-redistributable-0:4.7.0-202104250659.p0.git.95881af.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.ppc64le"
},
"product_reference": "openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.s390x"
},
"product_reference": "openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.x86_64"
},
"product_reference": "openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-kuryr-0:4.7.0-202104250659.p0.git.d49acc4.el8.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202104250659.p0.git.d49acc4.el8.src"
},
"product_reference": "openshift-kuryr-0:4.7.0-202104250659.p0.git.d49acc4.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-kuryr-cni-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch"
},
"product_reference": "openshift-kuryr-cni-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-kuryr-common-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch"
},
"product_reference": "openshift-kuryr-common-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-kuryr-controller-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch"
},
"product_reference": "openshift-kuryr-controller-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-promu-0:0.5.0-3.git642a960.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:prometheus-promu-0:0.5.0-3.git642a960.el8.ppc64le"
},
"product_reference": "prometheus-promu-0:0.5.0-3.git642a960.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-promu-0:0.5.0-3.git642a960.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:prometheus-promu-0:0.5.0-3.git642a960.el8.s390x"
},
"product_reference": "prometheus-promu-0:0.5.0-3.git642a960.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-promu-0:0.5.0-3.git642a960.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:prometheus-promu-0:0.5.0-3.git642a960.el8.x86_64"
},
"product_reference": "prometheus-promu-0:0.5.0-3.git642a960.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-kuryr-kubernetes-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch"
},
"product_reference": "python3-kuryr-kubernetes-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-4.7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-15586",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"discovery_date": "2020-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202104250659.p0.git.7d0a2b2.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202104250659.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202104250659.p0.git.e1b19c2.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202104250659.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202104250659.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202104250659.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202104250659.p0.git.d49acc4.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1856953"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found Go\u0027s net/http package. Servers using ReverseProxy from net/http in the Go standard library are vulnerable to a data race that results in a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: data race in certain net/http servers including ReverseProxy can lead to DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP) components are primarily written in Go, meaning that any component using the net/http package includes the vulnerable code. OCP server endpoints using ReverseProxy are protected by authentication, reducing the severity of this vulnerability to Low for OCP.\n\nSimilar to OCP, OpenShift ServiceMesh (OSSM), RedHat OpenShift Jaeger (RHOSJ) and OpenShift Virtualization are also primarily written in Go and are protected via authentication, reducing the severity of this vulnerability to Low.\n\nRed Hat Gluster Storage 3 and Red Hat Openshift Container Storage 4 components are built with the affected version of Go, however the vulnerable functionality is currently not used by these products and hence this issue has been rated as having a security impact of Low.\n\nRed Hat Ceph Storage 3 and 4 components are built with the affected version of Go, however the vulnerable functionality is currently not used by these products and hence this issue has been rated as having a security impact of Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.ppc64le",
"8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.s390x",
"8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.src",
"8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.x86_64",
"8Base-RHOSE-4.7:prometheus-promu-0:0.5.0-3.git642a960.el8.ppc64le",
"8Base-RHOSE-4.7:prometheus-promu-0:0.5.0-3.git642a960.el8.s390x",
"8Base-RHOSE-4.7:prometheus-promu-0:0.5.0-3.git642a960.el8.x86_64"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202104250659.p0.git.7d0a2b2.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202104250659.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202104250659.p0.git.e1b19c2.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202104250659.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202104250659.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202104250659.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202104250659.p0.git.d49acc4.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-15586"
},
{
"category": "external",
"summary": "RHBZ#1856953",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1856953"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-15586",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15586"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-15586",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15586"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/XZNfaiwgt2w/m/E6gHDs32AQAJ",
"url": "https://groups.google.com/g/golang-announce/c/XZNfaiwgt2w/m/E6gHDs32AQAJ"
}
],
"release_date": "2020-07-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-04T19:34:17+00:00",
"details": "For OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.ppc64le",
"8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.s390x",
"8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.src",
"8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.x86_64",
"8Base-RHOSE-4.7:prometheus-promu-0:0.5.0-3.git642a960.el8.ppc64le",
"8Base-RHOSE-4.7:prometheus-promu-0:0.5.0-3.git642a960.el8.s390x",
"8Base-RHOSE-4.7:prometheus-promu-0:0.5.0-3.git642a960.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:1366"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202104250659.p0.git.7d0a2b2.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202104250659.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202104250659.p0.git.e1b19c2.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202104250659.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202104250659.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.x86_64",
"8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.ppc64le",
"8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.s390x",
"8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.src",
"8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202104250659.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202104250659.p0.git.d49acc4.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch",
"8Base-RHOSE-4.7:prometheus-promu-0:0.5.0-3.git642a960.el8.ppc64le",
"8Base-RHOSE-4.7:prometheus-promu-0:0.5.0-3.git642a960.el8.s390x",
"8Base-RHOSE-4.7:prometheus-promu-0:0.5.0-3.git642a960.el8.x86_64",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: data race in certain net/http servers including ReverseProxy can lead to DoS"
},
{
"cve": "CVE-2020-16845",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2020-08-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202104250659.p0.git.7d0a2b2.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202104250659.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202104250659.p0.git.e1b19c2.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202104250659.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202104250659.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202104250659.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202104250659.p0.git.d49acc4.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1867099"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go encoding/binary package. Certain invalid inputs to the ReadUvarint or the ReadVarint causes those functions to read an unlimited number of bytes from the ByteReader argument before returning an error. This flaw possibly leads to processing more input than expected. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP), OpenShift ServiceMesh (OSSM), RedHat OpenShift Jaeger (RHOSJ) and OpenShift Virtualization components are primarily written in Go, meaning that any component using the encoding/binary package includes the vulnerable code. The affected components are behind OpenShift OAuth authentication, therefore the impact is low.\n\nRed Hat Gluster Storage 3, Red Hat OpenShift Container Storage 4 and Red Hat Ceph Storage (3 and 4) components are built with the affected version of Go, however the vulnerable functionality is currently not used by these products and hence this issue has been rated as having a security impact of Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.ppc64le",
"8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.s390x",
"8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.src",
"8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.x86_64",
"8Base-RHOSE-4.7:prometheus-promu-0:0.5.0-3.git642a960.el8.ppc64le",
"8Base-RHOSE-4.7:prometheus-promu-0:0.5.0-3.git642a960.el8.s390x",
"8Base-RHOSE-4.7:prometheus-promu-0:0.5.0-3.git642a960.el8.x86_64"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202104250659.p0.git.7d0a2b2.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202104250659.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202104250659.p0.git.e1b19c2.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202104250659.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202104250659.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202104250659.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202104250659.p0.git.d49acc4.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-16845"
},
{
"category": "external",
"summary": "RHBZ#1867099",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1867099"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-16845",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16845"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-16845",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16845"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/NyPIaucMgXo",
"url": "https://groups.google.com/g/golang-announce/c/NyPIaucMgXo"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-04T19:34:17+00:00",
"details": "For OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.ppc64le",
"8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.s390x",
"8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.src",
"8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.x86_64",
"8Base-RHOSE-4.7:prometheus-promu-0:0.5.0-3.git642a960.el8.ppc64le",
"8Base-RHOSE-4.7:prometheus-promu-0:0.5.0-3.git642a960.el8.s390x",
"8Base-RHOSE-4.7:prometheus-promu-0:0.5.0-3.git642a960.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:1366"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202104250659.p0.git.7d0a2b2.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202104250659.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202104250659.p0.git.e1b19c2.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202104250659.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202104250659.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.x86_64",
"8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.ppc64le",
"8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.s390x",
"8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.src",
"8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202104250659.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202104250659.p0.git.d49acc4.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch",
"8Base-RHOSE-4.7:prometheus-promu-0:0.5.0-3.git642a960.el8.ppc64le",
"8Base-RHOSE-4.7:prometheus-promu-0:0.5.0-3.git642a960.el8.s390x",
"8Base-RHOSE-4.7:prometheus-promu-0:0.5.0-3.git642a960.el8.x86_64",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs"
},
{
"cve": "CVE-2020-28362",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2020-11-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202104250659.p0.git.7d0a2b2.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202104250659.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202104250659.p0.git.e1b19c2.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202104250659.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202104250659.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202104250659.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202104250659.p0.git.d49acc4.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1897635"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the math/big package of Go\u0027s standard library that causes a denial of service. Applications written in Go that use math/big via cryptographic packages, including crypto/rsa and crypto/x509, are vulnerable and can potentially cause panic via a crafted certificate chain. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: math/big: panic during recursive division of very large numbers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift ServiceMesh (OSSM) 1.1 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities because it is now in the Maintenance Phase of the support.\nOpenshift Virtualization 1 (formerly Container Native Virtualization) is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities.\n\nRed Hat Gluster Storage 3 shipped multi-cloud-object-gateway-cli and noobaa-operator container as a technical preview and is not currently planned to be addressed in future updates.\n\nOpenShift Container Platform (OCP) 4.5 and earlier are built with Go versions earlier than 1.14, which are not affected by this vulnerability. OCP 4.6 is built with Go 1.15 and is affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.ppc64le",
"8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.s390x",
"8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.src",
"8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.x86_64",
"8Base-RHOSE-4.7:prometheus-promu-0:0.5.0-3.git642a960.el8.ppc64le",
"8Base-RHOSE-4.7:prometheus-promu-0:0.5.0-3.git642a960.el8.s390x",
"8Base-RHOSE-4.7:prometheus-promu-0:0.5.0-3.git642a960.el8.x86_64"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202104250659.p0.git.7d0a2b2.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202104250659.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202104250659.p0.git.e1b19c2.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202104250659.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202104250659.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202104250659.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202104250659.p0.git.d49acc4.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-28362"
},
{
"category": "external",
"summary": "RHBZ#1897635",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1897635"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-28362",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28362"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28362",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28362"
}
],
"release_date": "2020-11-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-04T19:34:17+00:00",
"details": "For OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.ppc64le",
"8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.s390x",
"8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.src",
"8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.x86_64",
"8Base-RHOSE-4.7:prometheus-promu-0:0.5.0-3.git642a960.el8.ppc64le",
"8Base-RHOSE-4.7:prometheus-promu-0:0.5.0-3.git642a960.el8.s390x",
"8Base-RHOSE-4.7:prometheus-promu-0:0.5.0-3.git642a960.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:1366"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202104250659.p0.git.7d0a2b2.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202104250659.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202104250659.p0.git.e1b19c2.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202104250659.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202104250659.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.x86_64",
"8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.ppc64le",
"8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.s390x",
"8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.src",
"8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202104250659.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202104250659.p0.git.d49acc4.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch",
"8Base-RHOSE-4.7:prometheus-promu-0:0.5.0-3.git642a960.el8.ppc64le",
"8Base-RHOSE-4.7:prometheus-promu-0:0.5.0-3.git642a960.el8.s390x",
"8Base-RHOSE-4.7:prometheus-promu-0:0.5.0-3.git642a960.el8.x86_64",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: math/big: panic during recursive division of very large numbers"
},
{
"cve": "CVE-2021-3114",
"cwe": {
"id": "CWE-682",
"name": "Incorrect Calculation"
},
"discovery_date": "2021-01-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202104250659.p0.git.7d0a2b2.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202104250659.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202104250659.p0.git.e1b19c2.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202104250659.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202104250659.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202104250659.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202104250659.p0.git.d49acc4.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1918750"
}
],
"notes": [
{
"category": "description",
"text": "A flaw detected in golang: crypto/elliptic, in which P-224 keys as generated can return incorrect inputs, reducing the strength of the cryptography. The highest threat from this vulnerability is confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/elliptic: incorrect operations on the P-224 curve",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift ServiceMesh (OSSM) 1.1 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities because it is now in the Maintenance Phase of the support.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.ppc64le",
"8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.s390x",
"8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.src",
"8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.x86_64",
"8Base-RHOSE-4.7:prometheus-promu-0:0.5.0-3.git642a960.el8.ppc64le",
"8Base-RHOSE-4.7:prometheus-promu-0:0.5.0-3.git642a960.el8.s390x",
"8Base-RHOSE-4.7:prometheus-promu-0:0.5.0-3.git642a960.el8.x86_64"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202104250659.p0.git.7d0a2b2.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202104250659.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202104250659.p0.git.e1b19c2.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202104250659.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202104250659.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202104250659.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202104250659.p0.git.d49acc4.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3114"
},
{
"category": "external",
"summary": "RHBZ#1918750",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1918750"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3114",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3114"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3114",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3114"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/mperVMGa98w",
"url": "https://groups.google.com/g/golang-announce/c/mperVMGa98w"
}
],
"release_date": "2021-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-04T19:34:17+00:00",
"details": "For OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.ppc64le",
"8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.s390x",
"8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.src",
"8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.x86_64",
"8Base-RHOSE-4.7:prometheus-promu-0:0.5.0-3.git642a960.el8.ppc64le",
"8Base-RHOSE-4.7:prometheus-promu-0:0.5.0-3.git642a960.el8.s390x",
"8Base-RHOSE-4.7:prometheus-promu-0:0.5.0-3.git642a960.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:1366"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202104250659.p0.git.7d0a2b2.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202104250659.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202104250659.p0.git.e1b19c2.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202104250659.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202104250659.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202104260636.p0.git.330c6ef.el8.x86_64",
"8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.ppc64le",
"8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.s390x",
"8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.src",
"8Base-RHOSE-4.7:golang-github-prometheus-promu-0:0.5.0-3.git642a960.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202104250659.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202104250659.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202104250659.p0.git.7d0a2b2.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202104250659.p0.git.d49acc4.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch",
"8Base-RHOSE-4.7:prometheus-promu-0:0.5.0-3.git642a960.el8.ppc64le",
"8Base-RHOSE-4.7:prometheus-promu-0:0.5.0-3.git642a960.el8.s390x",
"8Base-RHOSE-4.7:prometheus-promu-0:0.5.0-3.git642a960.el8.x86_64",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202104250659.p0.git.d49acc4.el8.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/elliptic: incorrect operations on the P-224 curve"
}
]
}
RHSA-2021:1551
Vulnerability from csaf_redhat - Published: 2021-05-19 15:03 - Updated: 2026-05-14 22:31Summary
Red Hat Security Advisory: OpenShift Container Platform 4.7.11 security and bug fix update
Severity
Moderate
Notes
Topic: Red Hat OpenShift Container Platform release 4.7.11 is now available with updates to packages and images that fix several bugs.
This release includes a security update for Red Hat OpenShift Container Platform 4.7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.11. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2021:1550
Security Fix(es):
* golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)
* golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114)
* jetty: Symlink directory exposes webapp directory contents (CVE-2021-28163)
* jetty: Resource exhaustion when receiving an invalid large TLS frame (CVE-2021-28165)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the math/big package of Go's standard library that causes a denial of service. Applications written in Go that use math/big via cryptographic packages, including crypto/rsa and crypto/x509, are vulnerable and can potentially cause panic via a crafted certificate chain. The highest threat from this vulnerability is to system availability.
7.5 (High)
Affected products
Fixed
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64 | — |
Vendor Fix
fix
|
Known not affected
62 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch | — |
Threats
Impact
Moderate
A flaw detected in golang: crypto/elliptic, in which P-224 keys as generated can return incorrect inputs, reducing the strength of the cryptography. The highest threat from this vulnerability is confidentiality and integrity.
6.5 (Medium)
Affected products
Fixed
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64 | — |
Vendor Fix
fix
|
Known not affected
62 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch | — |
Threats
Impact
Moderate
A flaw was found in Jenkins. Due to lack of validation of type of object created after loading the data submitted to the config.xml REST API endpoint of a node, an attackers with Computer/Configure permission are able to replace a node with one of a different type.
CWE-20 - Improper Input ValidationAffected products
Fixed
2 products
Known not affected
86 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64 | — |
Threats
Impact
Low
A flaw was found in Jenkins. Due to lack of validation of the newly created view name, an attackers with View/Create permission are allowed to create views with invalid or already-used names.
4.3 (Medium)
Affected products
Fixed
2 products
Known not affected
86 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64 | — |
Threats
Impact
Low
If the ${jetty.base} directory or the ${jetty.base}/webapps directory is a symlink the contents of the ${jetty.base}/webapps directory may be deployed as a static web application, exposing the content of the directory for download. The highest threat from this vulnerability is to data confidentiality.
CWE-200 - Exposure of Sensitive Information to an Unauthorized ActorAffected products
Fixed
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64 | — |
Vendor Fix
fix
|
Known not affected
73 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch | — |
Threats
Impact
Moderate
When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing high CPU resources utilization. The highest threat from this vulnerability is to service availability.
7.5 (High)
Affected products
Fixed
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64 | — |
Vendor Fix
fix
|
Known not affected
73 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch | — |
Threats
Impact
Moderate
References
35 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.7.11 is now available with updates to packages and images that fix several bugs.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.11. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1550\n\nSecurity Fix(es):\n\n* golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)\n\n* golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114)\n\n* jetty: Symlink directory exposes webapp directory contents (CVE-2021-28163)\n\n* jetty: Resource exhaustion when receiving an invalid large TLS frame (CVE-2021-28165)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:1551",
"url": "https://access.redhat.com/errata/RHSA-2021:1551"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1897635",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1897635"
},
{
"category": "external",
"summary": "1918750",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1918750"
},
{
"category": "external",
"summary": "1945710",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945710"
},
{
"category": "external",
"summary": "1945714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945714"
},
{
"category": "external",
"summary": "1959660",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1959660"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_1551.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.7.11 security and bug fix update",
"tracking": {
"current_release_date": "2026-05-14T22:31:16+00:00",
"generator": {
"date": "2026-05-14T22:31:16+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2021:1551",
"initial_release_date": "2021-05-19T15:03:37+00:00",
"revision_history": [
{
"date": "2021-05-19T15:03:37+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-05-19T15:03:37+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:31:16+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.7",
"product": {
"name": "Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.7::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.7",
"product": {
"name": "Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.7::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src",
"product": {
"name": "openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src",
"product_id": "openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-ironic@16.0.4-0.20210510131210.6787142.el8?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src",
"product": {
"name": "openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src",
"product_id": "openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-kuryr@4.7.0-202105111743.p0.git.36c2cdd.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src",
"product": {
"name": "atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src",
"product_id": "atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-service-idler@4.7.0-202105111743.p0.git.39cfc66.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src",
"product": {
"name": "ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src",
"product_id": "ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition@2.9.0-3.rhaos4.7.git1d56dc8.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src",
"product": {
"name": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src",
"product_id": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.7.0-202105111743.p0.git.95881af.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src",
"product": {
"name": "openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src",
"product_id": "openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift@4.7.0-202105111743.p0.git.75370d3.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src",
"product": {
"name": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src",
"product_id": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.20.2-11.rhaos4.7.git704b03d.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-0:2.277.3.1620393611-1.el8.src",
"product": {
"name": "jenkins-0:2.277.3.1620393611-1.el8.src",
"product_id": "jenkins-0:2.277.3.1620393611-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.277.3.1620393611-1.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "cri-tools-0:1.20.0-2.el8.src",
"product": {
"name": "cri-tools-0:1.20.0-2.el8.src",
"product_id": "cri-tools-0:1.20.0-2.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-tools@1.20.0-2.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src",
"product": {
"name": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src",
"product_id": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.0.0-95.rhaos4.8.gitcd80260.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src",
"product": {
"name": "openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src",
"product_id": "openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift@4.7.0-202105111743.p0.git.75370d3.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src",
"product": {
"name": "openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src",
"product_id": "openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible@4.7.0-202105111743.p0.git.e1b19c2.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src",
"product": {
"name": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src",
"product_id": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.7.0-202105111743.p0.git.95881af.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "cri-tools-0:1.20.0-2.el7.src",
"product": {
"name": "cri-tools-0:1.20.0-2.el7.src",
"product_id": "cri-tools-0:1.20.0-2.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-tools@1.20.0-2.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src",
"product": {
"name": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src",
"product_id": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.20.2-11.rhaos4.7.git704b03d.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src",
"product": {
"name": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src",
"product_id": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.0.0-95.rhaos4.8.gitcd80260.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"product": {
"name": "openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"product_id": "openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-ironic-api@16.0.4-0.20210510131210.6787142.el8?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"product": {
"name": "openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"product_id": "openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-ironic-common@16.0.4-0.20210510131210.6787142.el8?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"product": {
"name": "openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"product_id": "openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-ironic-conductor@16.0.4-0.20210510131210.6787142.el8?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"product": {
"name": "python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"product_id": "python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-ironic-tests@16.0.4-0.20210510131210.6787142.el8?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"product": {
"name": "openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"product_id": "openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-kuryr-cni@4.7.0-202105111743.p0.git.36c2cdd.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"product": {
"name": "openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"product_id": "openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-kuryr-common@4.7.0-202105111743.p0.git.36c2cdd.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"product": {
"name": "openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"product_id": "openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-kuryr-controller@4.7.0-202105111743.p0.git.36c2cdd.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"product": {
"name": "python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"product_id": "python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-kuryr-kubernetes@4.7.0-202105111743.p0.git.36c2cdd.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-0:2.277.3.1620393611-1.el8.noarch",
"product": {
"name": "jenkins-0:2.277.3.1620393611-1.el8.noarch",
"product_id": "jenkins-0:2.277.3.1620393611-1.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.277.3.1620393611-1.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
"product": {
"name": "openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
"product_id": "openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible@4.7.0-202105111743.p0.git.e1b19c2.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
"product": {
"name": "openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
"product_id": "openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-test@4.7.0-202105111743.p0.git.e1b19c2.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64",
"product": {
"name": "atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64",
"product_id": "atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-service-idler@4.7.0-202105111743.p0.git.39cfc66.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"product": {
"name": "ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"product_id": "ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition@2.9.0-3.rhaos4.7.git1d56dc8.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"product": {
"name": "ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"product_id": "ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-validate@2.9.0-3.rhaos4.7.git1d56dc8.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"product": {
"name": "ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"product_id": "ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-debugsource@2.9.0-3.rhaos4.7.git1d56dc8.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"product": {
"name": "ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"product_id": "ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-debuginfo@2.9.0-3.rhaos4.7.git1d56dc8.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"product": {
"name": "ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"product_id": "ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-validate-debuginfo@2.9.0-3.rhaos4.7.git1d56dc8.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
"product": {
"name": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
"product_id": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.7.0-202105111743.p0.git.95881af.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
"product": {
"name": "openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
"product_id": "openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients-redistributable@4.7.0-202105111743.p0.git.95881af.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64",
"product": {
"name": "openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64",
"product_id": "openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.7.0-202105111743.p0.git.75370d3.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"product": {
"name": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"product_id": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.20.2-11.rhaos4.7.git704b03d.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"product": {
"name": "cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"product_id": "cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debugsource@1.20.2-11.rhaos4.7.git704b03d.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"product": {
"name": "cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"product_id": "cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.20.2-11.rhaos4.7.git704b03d.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-tools-0:1.20.0-2.el8.x86_64",
"product": {
"name": "cri-tools-0:1.20.0-2.el8.x86_64",
"product_id": "cri-tools-0:1.20.0-2.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-tools@1.20.0-2.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-tools-debugsource-0:1.20.0-2.el8.x86_64",
"product": {
"name": "cri-tools-debugsource-0:1.20.0-2.el8.x86_64",
"product_id": "cri-tools-debugsource-0:1.20.0-2.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-tools-debugsource@1.20.0-2.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-tools-debuginfo-0:1.20.0-2.el8.x86_64",
"product": {
"name": "cri-tools-debuginfo-0:1.20.0-2.el8.x86_64",
"product_id": "cri-tools-debuginfo-0:1.20.0-2.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-tools-debuginfo@1.20.0-2.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
"product": {
"name": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
"product_id": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.0.0-95.rhaos4.8.gitcd80260.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
"product": {
"name": "runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
"product_id": "runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debugsource@1.0.0-95.rhaos4.8.gitcd80260.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
"product": {
"name": "runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
"product_id": "runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debuginfo@1.0.0-95.rhaos4.8.gitcd80260.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64",
"product": {
"name": "openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64",
"product_id": "openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.7.0-202105111743.p0.git.75370d3.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
"product": {
"name": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
"product_id": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.7.0-202105111743.p0.git.95881af.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
"product": {
"name": "openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
"product_id": "openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients-redistributable@4.7.0-202105111743.p0.git.95881af.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-tools-0:1.20.0-2.el7.x86_64",
"product": {
"name": "cri-tools-0:1.20.0-2.el7.x86_64",
"product_id": "cri-tools-0:1.20.0-2.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-tools@1.20.0-2.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-tools-debuginfo-0:1.20.0-2.el7.x86_64",
"product": {
"name": "cri-tools-debuginfo-0:1.20.0-2.el7.x86_64",
"product_id": "cri-tools-debuginfo-0:1.20.0-2.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-tools-debuginfo@1.20.0-2.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
"product": {
"name": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
"product_id": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.20.2-11.rhaos4.7.git704b03d.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
"product": {
"name": "cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
"product_id": "cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.20.2-11.rhaos4.7.git704b03d.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
"product": {
"name": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
"product_id": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.0.0-95.rhaos4.8.gitcd80260.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
"product": {
"name": "runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
"product_id": "runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debuginfo@1.0.0-95.rhaos4.8.gitcd80260.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le",
"product": {
"name": "atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le",
"product_id": "atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-service-idler@4.7.0-202105111743.p0.git.39cfc66.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"product": {
"name": "ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"product_id": "ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition@2.9.0-3.rhaos4.7.git1d56dc8.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"product": {
"name": "ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"product_id": "ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-validate@2.9.0-3.rhaos4.7.git1d56dc8.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"product": {
"name": "ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"product_id": "ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-debugsource@2.9.0-3.rhaos4.7.git1d56dc8.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"product": {
"name": "ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"product_id": "ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-debuginfo@2.9.0-3.rhaos4.7.git1d56dc8.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"product": {
"name": "ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"product_id": "ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-validate-debuginfo@2.9.0-3.rhaos4.7.git1d56dc8.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le",
"product": {
"name": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le",
"product_id": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.7.0-202105111743.p0.git.95881af.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le",
"product": {
"name": "openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le",
"product_id": "openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.7.0-202105111743.p0.git.75370d3.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"product": {
"name": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"product_id": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.20.2-11.rhaos4.7.git704b03d.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"product": {
"name": "cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"product_id": "cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debugsource@1.20.2-11.rhaos4.7.git704b03d.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"product": {
"name": "cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"product_id": "cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.20.2-11.rhaos4.7.git704b03d.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cri-tools-0:1.20.0-2.el8.ppc64le",
"product": {
"name": "cri-tools-0:1.20.0-2.el8.ppc64le",
"product_id": "cri-tools-0:1.20.0-2.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-tools@1.20.0-2.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cri-tools-debugsource-0:1.20.0-2.el8.ppc64le",
"product": {
"name": "cri-tools-debugsource-0:1.20.0-2.el8.ppc64le",
"product_id": "cri-tools-debugsource-0:1.20.0-2.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-tools-debugsource@1.20.0-2.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le",
"product": {
"name": "cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le",
"product_id": "cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-tools-debuginfo@1.20.0-2.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"product": {
"name": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"product_id": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.0.0-95.rhaos4.8.gitcd80260.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"product": {
"name": "runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"product_id": "runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debugsource@1.0.0-95.rhaos4.8.gitcd80260.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"product": {
"name": "runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"product_id": "runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debuginfo@1.0.0-95.rhaos4.8.gitcd80260.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x",
"product": {
"name": "atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x",
"product_id": "atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-service-idler@4.7.0-202105111743.p0.git.39cfc66.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"product": {
"name": "ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"product_id": "ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition@2.9.0-3.rhaos4.7.git1d56dc8.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"product": {
"name": "ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"product_id": "ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-validate@2.9.0-3.rhaos4.7.git1d56dc8.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"product": {
"name": "ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"product_id": "ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-debugsource@2.9.0-3.rhaos4.7.git1d56dc8.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"product": {
"name": "ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"product_id": "ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-debuginfo@2.9.0-3.rhaos4.7.git1d56dc8.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"product": {
"name": "ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"product_id": "ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-validate-debuginfo@2.9.0-3.rhaos4.7.git1d56dc8.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x",
"product": {
"name": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x",
"product_id": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.7.0-202105111743.p0.git.95881af.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x",
"product": {
"name": "openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x",
"product_id": "openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.7.0-202105111743.p0.git.75370d3.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"product": {
"name": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"product_id": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.20.2-11.rhaos4.7.git704b03d.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"product": {
"name": "cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"product_id": "cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debugsource@1.20.2-11.rhaos4.7.git704b03d.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"product": {
"name": "cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"product_id": "cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.20.2-11.rhaos4.7.git704b03d.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cri-tools-0:1.20.0-2.el8.s390x",
"product": {
"name": "cri-tools-0:1.20.0-2.el8.s390x",
"product_id": "cri-tools-0:1.20.0-2.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-tools@1.20.0-2.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cri-tools-debugsource-0:1.20.0-2.el8.s390x",
"product": {
"name": "cri-tools-debugsource-0:1.20.0-2.el8.s390x",
"product_id": "cri-tools-debugsource-0:1.20.0-2.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-tools-debugsource@1.20.0-2.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cri-tools-debuginfo-0:1.20.0-2.el8.s390x",
"product": {
"name": "cri-tools-debuginfo-0:1.20.0-2.el8.s390x",
"product_id": "cri-tools-debuginfo-0:1.20.0-2.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-tools-debuginfo@1.20.0-2.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"product": {
"name": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"product_id": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.0.0-95.rhaos4.8.gitcd80260.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"product": {
"name": "runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"product_id": "runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debugsource@1.0.0-95.rhaos4.8.gitcd80260.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"product": {
"name": "runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"product_id": "runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debuginfo@1.0.0-95.rhaos4.8.gitcd80260.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src"
},
"product_reference": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64"
},
"product_reference": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64"
},
"product_reference": "cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-tools-0:1.20.0-2.el7.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.src"
},
"product_reference": "cri-tools-0:1.20.0-2.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-tools-0:1.20.0-2.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.x86_64"
},
"product_reference": "cri-tools-0:1.20.0-2.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-tools-debuginfo-0:1.20.0-2.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el7.x86_64"
},
"product_reference": "cri-tools-debuginfo-0:1.20.0-2.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src"
},
"product_reference": "openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch"
},
"product_reference": "openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src"
},
"product_reference": "openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch"
},
"product_reference": "openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src"
},
"product_reference": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64"
},
"product_reference": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64"
},
"product_reference": "openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64"
},
"product_reference": "openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src"
},
"product_reference": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64"
},
"product_reference": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64"
},
"product_reference": "runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le"
},
"product_reference": "atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x"
},
"product_reference": "atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src"
},
"product_reference": "atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64"
},
"product_reference": "atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le"
},
"product_reference": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x"
},
"product_reference": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src"
},
"product_reference": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64"
},
"product_reference": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le"
},
"product_reference": "cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x"
},
"product_reference": "cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64"
},
"product_reference": "cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le"
},
"product_reference": "cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x"
},
"product_reference": "cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64"
},
"product_reference": "cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-tools-0:1.20.0-2.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.ppc64le"
},
"product_reference": "cri-tools-0:1.20.0-2.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-tools-0:1.20.0-2.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.s390x"
},
"product_reference": "cri-tools-0:1.20.0-2.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-tools-0:1.20.0-2.el8.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.src"
},
"product_reference": "cri-tools-0:1.20.0-2.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-tools-0:1.20.0-2.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.x86_64"
},
"product_reference": "cri-tools-0:1.20.0-2.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le"
},
"product_reference": "cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-tools-debuginfo-0:1.20.0-2.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.s390x"
},
"product_reference": "cri-tools-debuginfo-0:1.20.0-2.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-tools-debuginfo-0:1.20.0-2.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.x86_64"
},
"product_reference": "cri-tools-debuginfo-0:1.20.0-2.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-tools-debugsource-0:1.20.0-2.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.ppc64le"
},
"product_reference": "cri-tools-debugsource-0:1.20.0-2.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-tools-debugsource-0:1.20.0-2.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.s390x"
},
"product_reference": "cri-tools-debugsource-0:1.20.0-2.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-tools-debugsource-0:1.20.0-2.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.x86_64"
},
"product_reference": "cri-tools-debugsource-0:1.20.0-2.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le"
},
"product_reference": "ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x"
},
"product_reference": "ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src"
},
"product_reference": "ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64"
},
"product_reference": "ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le"
},
"product_reference": "ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x"
},
"product_reference": "ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64"
},
"product_reference": "ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le"
},
"product_reference": "ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x"
},
"product_reference": "ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64"
},
"product_reference": "ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le"
},
"product_reference": "ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x"
},
"product_reference": "ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64"
},
"product_reference": "ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le"
},
"product_reference": "ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x"
},
"product_reference": "ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64"
},
"product_reference": "ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.277.3.1620393611-1.el8.noarch as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.noarch"
},
"product_reference": "jenkins-0:2.277.3.1620393611-1.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.277.3.1620393611-1.el8.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.src"
},
"product_reference": "jenkins-0:2.277.3.1620393611-1.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src"
},
"product_reference": "openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le"
},
"product_reference": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x"
},
"product_reference": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src"
},
"product_reference": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64"
},
"product_reference": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64"
},
"product_reference": "openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le"
},
"product_reference": "openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x"
},
"product_reference": "openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64"
},
"product_reference": "openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src"
},
"product_reference": "openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch"
},
"product_reference": "openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch"
},
"product_reference": "openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch"
},
"product_reference": "openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src"
},
"product_reference": "openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch"
},
"product_reference": "openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch"
},
"product_reference": "openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch"
},
"product_reference": "openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch"
},
"product_reference": "python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch"
},
"product_reference": "python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le"
},
"product_reference": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x"
},
"product_reference": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src"
},
"product_reference": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64"
},
"product_reference": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le"
},
"product_reference": "runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x"
},
"product_reference": "runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64"
},
"product_reference": "runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le"
},
"product_reference": "runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x"
},
"product_reference": "runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64"
},
"product_reference": "runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-28362",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2020-11-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.noarch",
"8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.src",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src",
"8Base-RHOSE-4.7:openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1897635"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the math/big package of Go\u0027s standard library that causes a denial of service. Applications written in Go that use math/big via cryptographic packages, including crypto/rsa and crypto/x509, are vulnerable and can potentially cause panic via a crafted certificate chain. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: math/big: panic during recursive division of very large numbers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift ServiceMesh (OSSM) 1.1 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities because it is now in the Maintenance Phase of the support.\nOpenshift Virtualization 1 (formerly Container Native Virtualization) is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities.\n\nRed Hat Gluster Storage 3 shipped multi-cloud-object-gateway-cli and noobaa-operator container as a technical preview and is not currently planned to be addressed in future updates.\n\nOpenShift Container Platform (OCP) 4.5 and earlier are built with Go versions earlier than 1.14, which are not affected by this vulnerability. OCP 4.6 is built with Go 1.15 and is affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.src",
"7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el7.x86_64",
"7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src",
"7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
"7Server-RH7-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.src",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.noarch",
"8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.src",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src",
"8Base-RHOSE-4.7:openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-28362"
},
{
"category": "external",
"summary": "RHBZ#1897635",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1897635"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-28362",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28362"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28362",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28362"
}
],
"release_date": "2020-11-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-19T15:03:37+00:00",
"details": "For OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html",
"product_ids": [
"7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.src",
"7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el7.x86_64",
"7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src",
"7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
"7Server-RH7-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.src",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:1551"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.src",
"7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64",
"7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src",
"7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
"7Server-RH7-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.src",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.noarch",
"8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.src",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src",
"8Base-RHOSE-4.7:openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: math/big: panic during recursive division of very large numbers"
},
{
"cve": "CVE-2021-3114",
"cwe": {
"id": "CWE-682",
"name": "Incorrect Calculation"
},
"discovery_date": "2021-01-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.noarch",
"8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.src",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src",
"8Base-RHOSE-4.7:openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1918750"
}
],
"notes": [
{
"category": "description",
"text": "A flaw detected in golang: crypto/elliptic, in which P-224 keys as generated can return incorrect inputs, reducing the strength of the cryptography. The highest threat from this vulnerability is confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/elliptic: incorrect operations on the P-224 curve",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift ServiceMesh (OSSM) 1.1 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities because it is now in the Maintenance Phase of the support.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.src",
"7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el7.x86_64",
"7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src",
"7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
"7Server-RH7-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.src",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.noarch",
"8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.src",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src",
"8Base-RHOSE-4.7:openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3114"
},
{
"category": "external",
"summary": "RHBZ#1918750",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1918750"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3114",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3114"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3114",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3114"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/mperVMGa98w",
"url": "https://groups.google.com/g/golang-announce/c/mperVMGa98w"
}
],
"release_date": "2021-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-19T15:03:37+00:00",
"details": "For OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html",
"product_ids": [
"7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.src",
"7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el7.x86_64",
"7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src",
"7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
"7Server-RH7-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.src",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:1551"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.src",
"7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64",
"7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src",
"7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
"7Server-RH7-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.src",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.noarch",
"8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.src",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src",
"8Base-RHOSE-4.7:openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/elliptic: incorrect operations on the P-224 curve"
},
{
"cve": "CVE-2021-21639",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-04-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.src",
"7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64",
"7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src",
"7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
"7Server-RH7-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.src",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src",
"8Base-RHOSE-4.7:openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1947102"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins. Due to lack of validation of type of object created after loading the data submitted to the config.xml REST API endpoint of a node, an attackers with Computer/Configure permission are able to replace a node with one of a different type.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins: lack of type validation in agent related REST API",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.noarch",
"8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.src"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.src",
"7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64",
"7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src",
"7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
"7Server-RH7-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.src",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src",
"8Base-RHOSE-4.7:openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-21639"
},
{
"category": "external",
"summary": "RHBZ#1947102",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1947102"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-21639",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21639"
}
],
"release_date": "2021-04-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-19T15:03:37+00:00",
"details": "For OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.noarch",
"8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:1551"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.src",
"7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64",
"7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src",
"7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
"7Server-RH7-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.src",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.noarch",
"8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.src",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src",
"8Base-RHOSE-4.7:openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jenkins: lack of type validation in agent related REST API"
},
{
"cve": "CVE-2021-21640",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-04-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.src",
"7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64",
"7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src",
"7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
"7Server-RH7-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.src",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src",
"8Base-RHOSE-4.7:openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1947105"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins. Due to lack of validation of the newly created view name, an attackers with View/Create permission are allowed to create views with invalid or already-used names.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins: view name validation bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.noarch",
"8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.src"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.src",
"7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64",
"7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src",
"7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
"7Server-RH7-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.src",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src",
"8Base-RHOSE-4.7:openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-21640"
},
{
"category": "external",
"summary": "RHBZ#1947105",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1947105"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-21640",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21640"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21640",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21640"
}
],
"release_date": "2021-04-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-19T15:03:37+00:00",
"details": "For OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.noarch",
"8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:1551"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.src",
"7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64",
"7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src",
"7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
"7Server-RH7-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.src",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.noarch",
"8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.src",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src",
"8Base-RHOSE-4.7:openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jenkins: view name validation bypass"
},
{
"cve": "CVE-2021-28163",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-04-01T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.src",
"7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.src",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src",
"8Base-RHOSE-4.7:openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1945710"
}
],
"notes": [
{
"category": "description",
"text": "If the ${jetty.base} directory or the ${jetty.base}/webapps directory is a symlink the contents of the ${jetty.base}/webapps directory may be deployed as a static web application, exposing the content of the directory for download. The highest threat from this vulnerability is to data confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: Symlink directory exposes webapp directory contents",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP), the hive/presto/hadoop components that comprise the OCP metering stack, ship the vulnerable version of jetty.\nSince the release of OCP 4.6, the metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated\n\nRed Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.\n\nRed Hat CodeReady Studio 12 is not affected by this vulnerability because it does not ship a vulnerable version of jetty.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src",
"7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
"7Server-RH7-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
"8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.noarch",
"8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.src",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.src",
"7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.src",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src",
"8Base-RHOSE-4.7:openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-28163"
},
{
"category": "external",
"summary": "RHBZ#1945710",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945710"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-28163",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28163"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-28163",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28163"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-j6qj-j888-vvgq",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-j6qj-j888-vvgq"
}
],
"release_date": "2021-04-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-19T15:03:37+00:00",
"details": "For OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html",
"product_ids": [
"7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src",
"7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
"7Server-RH7-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
"8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.noarch",
"8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.src",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:1551"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.src",
"7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64",
"7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src",
"7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
"7Server-RH7-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.src",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.noarch",
"8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.src",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src",
"8Base-RHOSE-4.7:openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty: Symlink directory exposes webapp directory contents"
},
{
"cve": "CVE-2021-28165",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-04-01T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.src",
"7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.src",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src",
"8Base-RHOSE-4.7:openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1945714"
}
],
"notes": [
{
"category": "description",
"text": "When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing high CPU resources utilization. The highest threat from this vulnerability is to service availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: Resource exhaustion when receiving an invalid large TLS frame",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP), the hive/presto/hadoop components that comprise the OCP metering stack, ship the vulnerable version of jetty.\nSince the release of OCP 4.6, the metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated\n\nRed Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src",
"7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
"7Server-RH7-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
"8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.noarch",
"8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.src",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.src",
"7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.src",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src",
"8Base-RHOSE-4.7:openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-28165"
},
{
"category": "external",
"summary": "RHBZ#1945714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945714"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-28165",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28165"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-28165",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28165"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w"
}
],
"release_date": "2021-04-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-19T15:03:37+00:00",
"details": "For OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html",
"product_ids": [
"7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src",
"7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
"7Server-RH7-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
"8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.noarch",
"8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.src",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:1551"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.src",
"7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64",
"7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src",
"7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
"7Server-RH7-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.src",
"8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.ppc64le",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.s390x",
"8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.noarch",
"8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.src",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src",
"8Base-RHOSE-4.7:openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src",
"8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
"8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty: Resource exhaustion when receiving an invalid large TLS frame"
}
]
}
RHSA-2021:2041
Vulnerability from csaf_redhat - Published: 2021-05-19 09:14 - Updated: 2026-05-15 02:04Summary
Red Hat Security Advisory: Red Hat OpenShift Container Storage 4.7.0 security, bug fix, and enhancement update
Severity
Moderate
Notes
Topic: Updated images which include numerous security fixes, bug fixes, and enhancements are now available for Red Hat OpenShift Container Storage 4.7.0 on Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Container Storage provisions a multicloud data management service with an S3 compatible API.
Security Fix(es):
* nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774)
* kubernetes: Incomplete fix for CVE-2019-11250 allows for token leak in logs when logLevel >= 9 (CVE-2020-8565)
* jwt-go: access restriction bypass vulnerability (CVE-2020-26160)
* nodejs-date-and-time: ReDoS in parsing via date.compile (CVE-2020-26289)
* golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)
* golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114)
* NooBaa: noobaa-operator leaking RPC AuthToken into log files (CVE-2021-3528)
* nodejs-yargs-parser: prototype pollution vulnerability (CVE-2020-7608)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
This update includes various bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Container Storage Release Notes for information on the most significant of these changes:
https://access.redhat.com/documentation/en-us/red_hat_openshift_container_storage/4.7/html-single/4.7_release_notes/index
All Red Hat OpenShift Container Storage users are advised to upgrade to these updated images.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was found in nodesjs-yargs-parser, where it can be tricked into adding or modifying properties of the Object.prototype using a "__proto__" payload. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
5.3 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:22037eb4c589c5ccf921cd15bb3c82d75fac298d2b53344575c2af7c22d5353c_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:5b1046b56cd5d7cbde64a3cfce800b76b3bd7fb0f535ac2382e97eb8fc93314c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:725dd955d4a2a4c27405d7c0d3141384c1e5bb52276056bc7ab8a35d124dcc0e_s390x | — |
Vendor Fix
fix
|
Known not affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:779479e90095b760fdca7da317aaf09f76b453aa262bd3c1ac0f41f7af483a2d_ppc64le | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:ac0ed0ba8ef78e3b46dcf6936f7d97ac4c0f85ac596f263880b56a12dac36234_amd64 | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:c7b09f1114aa36be379a9f52b3f156499bcd31d7537f1235a364129d1382497c_s390x | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:21e57d86bcf007a70bc5e14ff5f0380a1ea26c4d2d2cdf191e9289d04b1f06e7_amd64 | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:94dccc304395df6d8b37f8371737646d07cf289f83b30c78c353e9a4dec05b76_s390x | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:bae35f5a3ac521dedd50d8852920f99a3f1c94d1a31a51856eefa24e94516142_ppc64le | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:5e4df11fa489a5aa7a03ff3983c9a35143e3a76667ea652c39b499dbacb9a11d_ppc64le | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:6512915dabeef1d170bd2a61339d6849c175082151bc2f273bef1036738456e0_s390x | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:ca93487e2344a02ab4da0eb010608082134c7e136f2b3cfa51a2d04b10313b3c_amd64 | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:70c98f7353bd302c55e6fa2f51cb4385309aafeb4a2901c94b44cee2846679fc_amd64 | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:97f334a7c2d147e0cfded896355f7406bd2c893783011e345dbcb474850d0047_ppc64le | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:bce44dc4b764b9b3e99d5d2cdc2242667195d6802ee1a5f1f692aa6e633e5660_s390x | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:7dca985a1723e1c2169124a70182fd29a633ac7b9e9fa28ae24635e203003bc6_ppc64le | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:e715a9a62462de6c45ca82a3acc5d622d2df12ce965d226eb0a90f1cbfa212c5_s390x | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:f6319e4d6e32109deeaebe4d99cc18fd5a272c0655ba73fe2521ca63981efba6_amd64 | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:1c57a22591b2277403200cf3e254badcc827416fc01efabfd12c03c265a491b2_s390x | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:de99a6b3cefa44dd22c637cfa2fb54c60d2b0e14970466cea19979e2e59668c7_amd64 | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:e25dc5fd74d37ea3b00898557b71cdefc7d508e748bfb230e18db7c2e3d526f4_ppc64le | — |
Threats
Impact
Low
A flaw was found in nodejs-y18n. There is a prototype pollution vulnerability in y18n's locale functionality. If an attacker is able to provide untrusted input via locale, they may be able to cause denial of service or in rare circumstances, impact to data integrity or confidentiality.
7.3 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:22037eb4c589c5ccf921cd15bb3c82d75fac298d2b53344575c2af7c22d5353c_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:5b1046b56cd5d7cbde64a3cfce800b76b3bd7fb0f535ac2382e97eb8fc93314c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:725dd955d4a2a4c27405d7c0d3141384c1e5bb52276056bc7ab8a35d124dcc0e_s390x | — |
Vendor Fix
fix
|
Known not affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:779479e90095b760fdca7da317aaf09f76b453aa262bd3c1ac0f41f7af483a2d_ppc64le | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:ac0ed0ba8ef78e3b46dcf6936f7d97ac4c0f85ac596f263880b56a12dac36234_amd64 | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:c7b09f1114aa36be379a9f52b3f156499bcd31d7537f1235a364129d1382497c_s390x | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:21e57d86bcf007a70bc5e14ff5f0380a1ea26c4d2d2cdf191e9289d04b1f06e7_amd64 | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:94dccc304395df6d8b37f8371737646d07cf289f83b30c78c353e9a4dec05b76_s390x | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:bae35f5a3ac521dedd50d8852920f99a3f1c94d1a31a51856eefa24e94516142_ppc64le | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:5e4df11fa489a5aa7a03ff3983c9a35143e3a76667ea652c39b499dbacb9a11d_ppc64le | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:6512915dabeef1d170bd2a61339d6849c175082151bc2f273bef1036738456e0_s390x | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:ca93487e2344a02ab4da0eb010608082134c7e136f2b3cfa51a2d04b10313b3c_amd64 | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:70c98f7353bd302c55e6fa2f51cb4385309aafeb4a2901c94b44cee2846679fc_amd64 | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:97f334a7c2d147e0cfded896355f7406bd2c893783011e345dbcb474850d0047_ppc64le | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:bce44dc4b764b9b3e99d5d2cdc2242667195d6802ee1a5f1f692aa6e633e5660_s390x | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:7dca985a1723e1c2169124a70182fd29a633ac7b9e9fa28ae24635e203003bc6_ppc64le | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:e715a9a62462de6c45ca82a3acc5d622d2df12ce965d226eb0a90f1cbfa212c5_s390x | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:f6319e4d6e32109deeaebe4d99cc18fd5a272c0655ba73fe2521ca63981efba6_amd64 | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:1c57a22591b2277403200cf3e254badcc827416fc01efabfd12c03c265a491b2_s390x | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:de99a6b3cefa44dd22c637cfa2fb54c60d2b0e14970466cea19979e2e59668c7_amd64 | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:e25dc5fd74d37ea3b00898557b71cdefc7d508e748bfb230e18db7c2e3d526f4_ppc64le | — |
Threats
Impact
Low
A flaw was found in kubernetes. In Kubernetes, if the logging level is to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like `kubectl`. Previously, CVE-2019-11250 was assigned for the same issue for logging levels of at least 4.
5.3 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:1c57a22591b2277403200cf3e254badcc827416fc01efabfd12c03c265a491b2_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:de99a6b3cefa44dd22c637cfa2fb54c60d2b0e14970466cea19979e2e59668c7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:e25dc5fd74d37ea3b00898557b71cdefc7d508e748bfb230e18db7c2e3d526f4_ppc64le | — |
Vendor Fix
fix
|
Known not affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:779479e90095b760fdca7da317aaf09f76b453aa262bd3c1ac0f41f7af483a2d_ppc64le | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:ac0ed0ba8ef78e3b46dcf6936f7d97ac4c0f85ac596f263880b56a12dac36234_amd64 | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:c7b09f1114aa36be379a9f52b3f156499bcd31d7537f1235a364129d1382497c_s390x | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:22037eb4c589c5ccf921cd15bb3c82d75fac298d2b53344575c2af7c22d5353c_ppc64le | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:5b1046b56cd5d7cbde64a3cfce800b76b3bd7fb0f535ac2382e97eb8fc93314c_amd64 | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:725dd955d4a2a4c27405d7c0d3141384c1e5bb52276056bc7ab8a35d124dcc0e_s390x | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:21e57d86bcf007a70bc5e14ff5f0380a1ea26c4d2d2cdf191e9289d04b1f06e7_amd64 | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:94dccc304395df6d8b37f8371737646d07cf289f83b30c78c353e9a4dec05b76_s390x | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:bae35f5a3ac521dedd50d8852920f99a3f1c94d1a31a51856eefa24e94516142_ppc64le | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:5e4df11fa489a5aa7a03ff3983c9a35143e3a76667ea652c39b499dbacb9a11d_ppc64le | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:6512915dabeef1d170bd2a61339d6849c175082151bc2f273bef1036738456e0_s390x | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:ca93487e2344a02ab4da0eb010608082134c7e136f2b3cfa51a2d04b10313b3c_amd64 | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:70c98f7353bd302c55e6fa2f51cb4385309aafeb4a2901c94b44cee2846679fc_amd64 | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:97f334a7c2d147e0cfded896355f7406bd2c893783011e345dbcb474850d0047_ppc64le | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:bce44dc4b764b9b3e99d5d2cdc2242667195d6802ee1a5f1f692aa6e633e5660_s390x | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:7dca985a1723e1c2169124a70182fd29a633ac7b9e9fa28ae24635e203003bc6_ppc64le | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:e715a9a62462de6c45ca82a3acc5d622d2df12ce965d226eb0a90f1cbfa212c5_s390x | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:f6319e4d6e32109deeaebe4d99cc18fd5a272c0655ba73fe2521ca63981efba6_amd64 | — |
Threats
Impact
Moderate
A vulnerability was found in jwt-go where it is vulnerable to Access Restriction Bypass if m["aud"] happens to be []string{}, as allowed by the spec, the type assertion fails and the value of aud is "". This can cause audience verification to succeed even if the audiences being passed are incorrect if required is set to false.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:21e57d86bcf007a70bc5e14ff5f0380a1ea26c4d2d2cdf191e9289d04b1f06e7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:94dccc304395df6d8b37f8371737646d07cf289f83b30c78c353e9a4dec05b76_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:bae35f5a3ac521dedd50d8852920f99a3f1c94d1a31a51856eefa24e94516142_ppc64le | — |
Vendor Fix
fix
|
Known not affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:779479e90095b760fdca7da317aaf09f76b453aa262bd3c1ac0f41f7af483a2d_ppc64le | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:ac0ed0ba8ef78e3b46dcf6936f7d97ac4c0f85ac596f263880b56a12dac36234_amd64 | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:c7b09f1114aa36be379a9f52b3f156499bcd31d7537f1235a364129d1382497c_s390x | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:22037eb4c589c5ccf921cd15bb3c82d75fac298d2b53344575c2af7c22d5353c_ppc64le | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:5b1046b56cd5d7cbde64a3cfce800b76b3bd7fb0f535ac2382e97eb8fc93314c_amd64 | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:725dd955d4a2a4c27405d7c0d3141384c1e5bb52276056bc7ab8a35d124dcc0e_s390x | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:5e4df11fa489a5aa7a03ff3983c9a35143e3a76667ea652c39b499dbacb9a11d_ppc64le | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:6512915dabeef1d170bd2a61339d6849c175082151bc2f273bef1036738456e0_s390x | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:ca93487e2344a02ab4da0eb010608082134c7e136f2b3cfa51a2d04b10313b3c_amd64 | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:70c98f7353bd302c55e6fa2f51cb4385309aafeb4a2901c94b44cee2846679fc_amd64 | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:97f334a7c2d147e0cfded896355f7406bd2c893783011e345dbcb474850d0047_ppc64le | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:bce44dc4b764b9b3e99d5d2cdc2242667195d6802ee1a5f1f692aa6e633e5660_s390x | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:7dca985a1723e1c2169124a70182fd29a633ac7b9e9fa28ae24635e203003bc6_ppc64le | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:e715a9a62462de6c45ca82a3acc5d622d2df12ce965d226eb0a90f1cbfa212c5_s390x | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:f6319e4d6e32109deeaebe4d99cc18fd5a272c0655ba73fe2521ca63981efba6_amd64 | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:1c57a22591b2277403200cf3e254badcc827416fc01efabfd12c03c265a491b2_s390x | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:de99a6b3cefa44dd22c637cfa2fb54c60d2b0e14970466cea19979e2e59668c7_amd64 | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:e25dc5fd74d37ea3b00898557b71cdefc7d508e748bfb230e18db7c2e3d526f4_ppc64le | — |
Threats
Impact
Low
A flaw was found in nodejs-date-and-time. In date-and-time there a regular expression involved in parsing which can be exploited to cause a denial of service.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:22037eb4c589c5ccf921cd15bb3c82d75fac298d2b53344575c2af7c22d5353c_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:5b1046b56cd5d7cbde64a3cfce800b76b3bd7fb0f535ac2382e97eb8fc93314c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:725dd955d4a2a4c27405d7c0d3141384c1e5bb52276056bc7ab8a35d124dcc0e_s390x | — |
Vendor Fix
fix
|
Known not affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:779479e90095b760fdca7da317aaf09f76b453aa262bd3c1ac0f41f7af483a2d_ppc64le | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:ac0ed0ba8ef78e3b46dcf6936f7d97ac4c0f85ac596f263880b56a12dac36234_amd64 | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:c7b09f1114aa36be379a9f52b3f156499bcd31d7537f1235a364129d1382497c_s390x | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:21e57d86bcf007a70bc5e14ff5f0380a1ea26c4d2d2cdf191e9289d04b1f06e7_amd64 | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:94dccc304395df6d8b37f8371737646d07cf289f83b30c78c353e9a4dec05b76_s390x | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:bae35f5a3ac521dedd50d8852920f99a3f1c94d1a31a51856eefa24e94516142_ppc64le | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:5e4df11fa489a5aa7a03ff3983c9a35143e3a76667ea652c39b499dbacb9a11d_ppc64le | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:6512915dabeef1d170bd2a61339d6849c175082151bc2f273bef1036738456e0_s390x | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:ca93487e2344a02ab4da0eb010608082134c7e136f2b3cfa51a2d04b10313b3c_amd64 | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:70c98f7353bd302c55e6fa2f51cb4385309aafeb4a2901c94b44cee2846679fc_amd64 | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:97f334a7c2d147e0cfded896355f7406bd2c893783011e345dbcb474850d0047_ppc64le | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:bce44dc4b764b9b3e99d5d2cdc2242667195d6802ee1a5f1f692aa6e633e5660_s390x | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:7dca985a1723e1c2169124a70182fd29a633ac7b9e9fa28ae24635e203003bc6_ppc64le | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:e715a9a62462de6c45ca82a3acc5d622d2df12ce965d226eb0a90f1cbfa212c5_s390x | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:f6319e4d6e32109deeaebe4d99cc18fd5a272c0655ba73fe2521ca63981efba6_amd64 | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:1c57a22591b2277403200cf3e254badcc827416fc01efabfd12c03c265a491b2_s390x | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:de99a6b3cefa44dd22c637cfa2fb54c60d2b0e14970466cea19979e2e59668c7_amd64 | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:e25dc5fd74d37ea3b00898557b71cdefc7d508e748bfb230e18db7c2e3d526f4_ppc64le | — |
Threats
Impact
Moderate
A flaw was found in the math/big package of Go's standard library that causes a denial of service. Applications written in Go that use math/big via cryptographic packages, including crypto/rsa and crypto/x509, are vulnerable and can potentially cause panic via a crafted certificate chain. The highest threat from this vulnerability is to system availability.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:21e57d86bcf007a70bc5e14ff5f0380a1ea26c4d2d2cdf191e9289d04b1f06e7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:94dccc304395df6d8b37f8371737646d07cf289f83b30c78c353e9a4dec05b76_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:bae35f5a3ac521dedd50d8852920f99a3f1c94d1a31a51856eefa24e94516142_ppc64le | — |
Vendor Fix
fix
|
Known not affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:779479e90095b760fdca7da317aaf09f76b453aa262bd3c1ac0f41f7af483a2d_ppc64le | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:ac0ed0ba8ef78e3b46dcf6936f7d97ac4c0f85ac596f263880b56a12dac36234_amd64 | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:c7b09f1114aa36be379a9f52b3f156499bcd31d7537f1235a364129d1382497c_s390x | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:22037eb4c589c5ccf921cd15bb3c82d75fac298d2b53344575c2af7c22d5353c_ppc64le | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:5b1046b56cd5d7cbde64a3cfce800b76b3bd7fb0f535ac2382e97eb8fc93314c_amd64 | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:725dd955d4a2a4c27405d7c0d3141384c1e5bb52276056bc7ab8a35d124dcc0e_s390x | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:5e4df11fa489a5aa7a03ff3983c9a35143e3a76667ea652c39b499dbacb9a11d_ppc64le | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:6512915dabeef1d170bd2a61339d6849c175082151bc2f273bef1036738456e0_s390x | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:ca93487e2344a02ab4da0eb010608082134c7e136f2b3cfa51a2d04b10313b3c_amd64 | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:70c98f7353bd302c55e6fa2f51cb4385309aafeb4a2901c94b44cee2846679fc_amd64 | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:97f334a7c2d147e0cfded896355f7406bd2c893783011e345dbcb474850d0047_ppc64le | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:bce44dc4b764b9b3e99d5d2cdc2242667195d6802ee1a5f1f692aa6e633e5660_s390x | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:7dca985a1723e1c2169124a70182fd29a633ac7b9e9fa28ae24635e203003bc6_ppc64le | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:e715a9a62462de6c45ca82a3acc5d622d2df12ce965d226eb0a90f1cbfa212c5_s390x | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:f6319e4d6e32109deeaebe4d99cc18fd5a272c0655ba73fe2521ca63981efba6_amd64 | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:1c57a22591b2277403200cf3e254badcc827416fc01efabfd12c03c265a491b2_s390x | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:de99a6b3cefa44dd22c637cfa2fb54c60d2b0e14970466cea19979e2e59668c7_amd64 | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:e25dc5fd74d37ea3b00898557b71cdefc7d508e748bfb230e18db7c2e3d526f4_ppc64le | — |
Threats
Impact
Moderate
A flaw detected in golang: crypto/elliptic, in which P-224 keys as generated can return incorrect inputs, reducing the strength of the cryptography. The highest threat from this vulnerability is confidentiality and integrity.
6.5 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:21e57d86bcf007a70bc5e14ff5f0380a1ea26c4d2d2cdf191e9289d04b1f06e7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:94dccc304395df6d8b37f8371737646d07cf289f83b30c78c353e9a4dec05b76_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:bae35f5a3ac521dedd50d8852920f99a3f1c94d1a31a51856eefa24e94516142_ppc64le | — |
Vendor Fix
fix
|
Known not affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:779479e90095b760fdca7da317aaf09f76b453aa262bd3c1ac0f41f7af483a2d_ppc64le | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:ac0ed0ba8ef78e3b46dcf6936f7d97ac4c0f85ac596f263880b56a12dac36234_amd64 | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:c7b09f1114aa36be379a9f52b3f156499bcd31d7537f1235a364129d1382497c_s390x | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:22037eb4c589c5ccf921cd15bb3c82d75fac298d2b53344575c2af7c22d5353c_ppc64le | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:5b1046b56cd5d7cbde64a3cfce800b76b3bd7fb0f535ac2382e97eb8fc93314c_amd64 | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:725dd955d4a2a4c27405d7c0d3141384c1e5bb52276056bc7ab8a35d124dcc0e_s390x | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:5e4df11fa489a5aa7a03ff3983c9a35143e3a76667ea652c39b499dbacb9a11d_ppc64le | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:6512915dabeef1d170bd2a61339d6849c175082151bc2f273bef1036738456e0_s390x | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:ca93487e2344a02ab4da0eb010608082134c7e136f2b3cfa51a2d04b10313b3c_amd64 | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:70c98f7353bd302c55e6fa2f51cb4385309aafeb4a2901c94b44cee2846679fc_amd64 | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:97f334a7c2d147e0cfded896355f7406bd2c893783011e345dbcb474850d0047_ppc64le | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:bce44dc4b764b9b3e99d5d2cdc2242667195d6802ee1a5f1f692aa6e633e5660_s390x | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:7dca985a1723e1c2169124a70182fd29a633ac7b9e9fa28ae24635e203003bc6_ppc64le | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:e715a9a62462de6c45ca82a3acc5d622d2df12ce965d226eb0a90f1cbfa212c5_s390x | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:f6319e4d6e32109deeaebe4d99cc18fd5a272c0655ba73fe2521ca63981efba6_amd64 | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:1c57a22591b2277403200cf3e254badcc827416fc01efabfd12c03c265a491b2_s390x | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:de99a6b3cefa44dd22c637cfa2fb54c60d2b0e14970466cea19979e2e59668c7_amd64 | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:e25dc5fd74d37ea3b00898557b71cdefc7d508e748bfb230e18db7c2e3d526f4_ppc64le | — |
Threats
Impact
Moderate
A flaw was found in NooBaa, where internal RPC AuthTokens between the noobaa operator and the noobaa core are leaked into log files. An attacker with access to the log files could use this AuthToken to gain additional access into noobaa deployment and can read/modify system configuration.
8.8 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:21e57d86bcf007a70bc5e14ff5f0380a1ea26c4d2d2cdf191e9289d04b1f06e7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:94dccc304395df6d8b37f8371737646d07cf289f83b30c78c353e9a4dec05b76_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:bae35f5a3ac521dedd50d8852920f99a3f1c94d1a31a51856eefa24e94516142_ppc64le | — |
Vendor Fix
fix
|
Known not affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:779479e90095b760fdca7da317aaf09f76b453aa262bd3c1ac0f41f7af483a2d_ppc64le | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:ac0ed0ba8ef78e3b46dcf6936f7d97ac4c0f85ac596f263880b56a12dac36234_amd64 | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:c7b09f1114aa36be379a9f52b3f156499bcd31d7537f1235a364129d1382497c_s390x | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:22037eb4c589c5ccf921cd15bb3c82d75fac298d2b53344575c2af7c22d5353c_ppc64le | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:5b1046b56cd5d7cbde64a3cfce800b76b3bd7fb0f535ac2382e97eb8fc93314c_amd64 | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:725dd955d4a2a4c27405d7c0d3141384c1e5bb52276056bc7ab8a35d124dcc0e_s390x | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:5e4df11fa489a5aa7a03ff3983c9a35143e3a76667ea652c39b499dbacb9a11d_ppc64le | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:6512915dabeef1d170bd2a61339d6849c175082151bc2f273bef1036738456e0_s390x | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:ca93487e2344a02ab4da0eb010608082134c7e136f2b3cfa51a2d04b10313b3c_amd64 | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:70c98f7353bd302c55e6fa2f51cb4385309aafeb4a2901c94b44cee2846679fc_amd64 | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:97f334a7c2d147e0cfded896355f7406bd2c893783011e345dbcb474850d0047_ppc64le | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:bce44dc4b764b9b3e99d5d2cdc2242667195d6802ee1a5f1f692aa6e633e5660_s390x | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:7dca985a1723e1c2169124a70182fd29a633ac7b9e9fa28ae24635e203003bc6_ppc64le | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:e715a9a62462de6c45ca82a3acc5d622d2df12ce965d226eb0a90f1cbfa212c5_s390x | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:f6319e4d6e32109deeaebe4d99cc18fd5a272c0655ba73fe2521ca63981efba6_amd64 | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:1c57a22591b2277403200cf3e254badcc827416fc01efabfd12c03c265a491b2_s390x | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:de99a6b3cefa44dd22c637cfa2fb54c60d2b0e14970466cea19979e2e59668c7_amd64 | — | ||
| Unresolved product id: 8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:e25dc5fd74d37ea3b00898557b71cdefc7d508e748bfb230e18db7c2e3d526f4_ppc64le | — |
Threats
Impact
Moderate
References
193 references
Acknowledgments
the Kubernetes Product Security Committee
purelyapplied
Patrick Rhomberg
Red Hat
Martin Bukatovic
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated images which include numerous security fixes, bug fixes, and enhancements are now available for Red Hat OpenShift Container Storage 4.7.0 on Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Container Storage provisions a multicloud data management service with an S3 compatible API.\n\nSecurity Fix(es):\n\n* nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774)\n\n* kubernetes: Incomplete fix for CVE-2019-11250 allows for token leak in logs when logLevel \u003e= 9 (CVE-2020-8565)\n\n* jwt-go: access restriction bypass vulnerability (CVE-2020-26160)\n\n* nodejs-date-and-time: ReDoS in parsing via date.compile (CVE-2020-26289)\n\n* golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)\n\n* golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114)\n\n* NooBaa: noobaa-operator leaking RPC AuthToken into log files (CVE-2021-3528)\n\n* nodejs-yargs-parser: prototype pollution vulnerability (CVE-2020-7608)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\nThis update includes various bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Container Storage Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_container_storage/4.7/html-single/4.7_release_notes/index\n\nAll Red Hat OpenShift Container Storage users are advised to upgrade to these updated images.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:2041",
"url": "https://access.redhat.com/errata/RHSA-2021:2041"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1803849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1803849"
},
{
"category": "external",
"summary": "1814681",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1814681"
},
{
"category": "external",
"summary": "1840004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1840004"
},
{
"category": "external",
"summary": "1850089",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850089"
},
{
"category": "external",
"summary": "1860594",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860594"
},
{
"category": "external",
"summary": "1861104",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1861104"
},
{
"category": "external",
"summary": "1861878",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1861878"
},
{
"category": "external",
"summary": "1866301",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1866301"
},
{
"category": "external",
"summary": "1869406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869406"
},
{
"category": "external",
"summary": "1872730",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1872730"
},
{
"category": "external",
"summary": "1874367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1874367"
},
{
"category": "external",
"summary": "1883371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1883371"
},
{
"category": "external",
"summary": "1886112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886112"
},
{
"category": "external",
"summary": "1886416",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886416"
},
{
"category": "external",
"summary": "1886638",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886638"
},
{
"category": "external",
"summary": "1888839",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1888839"
},
{
"category": "external",
"summary": "1892622",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1892622"
},
{
"category": "external",
"summary": "1893611",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1893611"
},
{
"category": "external",
"summary": "1893613",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1893613"
},
{
"category": "external",
"summary": "1893619",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1893619"
},
{
"category": "external",
"summary": "1894412",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894412"
},
{
"category": "external",
"summary": "1896338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1896338"
},
{
"category": "external",
"summary": "1897246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1897246"
},
{
"category": "external",
"summary": "1897635",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1897635"
},
{
"category": "external",
"summary": "1898509",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898509"
},
{
"category": "external",
"summary": "1898680",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898680"
},
{
"category": "external",
"summary": "1898808",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898808"
},
{
"category": "external",
"summary": "1900711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1900711"
},
{
"category": "external",
"summary": "1900722",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1900722"
},
{
"category": "external",
"summary": "1900749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1900749"
},
{
"category": "external",
"summary": "1900760",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1900760"
},
{
"category": "external",
"summary": "1901134",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901134"
},
{
"category": "external",
"summary": "1902192",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902192"
},
{
"category": "external",
"summary": "1902685",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902685"
},
{
"category": "external",
"summary": "1902711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902711"
},
{
"category": "external",
"summary": "1903973",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903973"
},
{
"category": "external",
"summary": "1903975",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903975"
},
{
"category": "external",
"summary": "1904302",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1904302"
},
{
"category": "external",
"summary": "1904929",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1904929"
},
{
"category": "external",
"summary": "1907318",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1907318"
},
{
"category": "external",
"summary": "1908414",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908414"
},
{
"category": "external",
"summary": "1908678",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908678"
},
{
"category": "external",
"summary": "1909268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909268"
},
{
"category": "external",
"summary": "1909488",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909488"
},
{
"category": "external",
"summary": "1909745",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909745"
},
{
"category": "external",
"summary": "1910705",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1910705"
},
{
"category": "external",
"summary": "1911131",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911131"
},
{
"category": "external",
"summary": "1911266",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911266"
},
{
"category": "external",
"summary": "1911627",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911627"
},
{
"category": "external",
"summary": "1911789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911789"
},
{
"category": "external",
"summary": "1912421",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912421"
},
{
"category": "external",
"summary": "1912894",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912894"
},
{
"category": "external",
"summary": "1913149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913149"
},
{
"category": "external",
"summary": "1913357",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913357"
},
{
"category": "external",
"summary": "1914132",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914132"
},
{
"category": "external",
"summary": "1914159",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914159"
},
{
"category": "external",
"summary": "1914215",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914215"
},
{
"category": "external",
"summary": "1915111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1915111"
},
{
"category": "external",
"summary": "1915261",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1915261"
},
{
"category": "external",
"summary": "1915445",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1915445"
},
{
"category": "external",
"summary": "1915644",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1915644"
},
{
"category": "external",
"summary": "1915698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1915698"
},
{
"category": "external",
"summary": "1915706",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1915706"
},
{
"category": "external",
"summary": "1915730",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1915730"
},
{
"category": "external",
"summary": "1915737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1915737"
},
{
"category": "external",
"summary": "1915758",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1915758"
},
{
"category": "external",
"summary": "1915807",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1915807"
},
{
"category": "external",
"summary": "1915851",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1915851"
},
{
"category": "external",
"summary": "1915953",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1915953"
},
{
"category": "external",
"summary": "1916850",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916850"
},
{
"category": "external",
"summary": "1917253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1917253"
},
{
"category": "external",
"summary": "1917815",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1917815"
},
{
"category": "external",
"summary": "1918360",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1918360"
},
{
"category": "external",
"summary": "1918750",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1918750"
},
{
"category": "external",
"summary": "1918925",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1918925"
},
{
"category": "external",
"summary": "1918938",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1918938"
},
{
"category": "external",
"summary": "1919967",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919967"
},
{
"category": "external",
"summary": "1920202",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1920202"
},
{
"category": "external",
"summary": "1920498",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1920498"
},
{
"category": "external",
"summary": "1920507",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1920507"
},
{
"category": "external",
"summary": "1921521",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921521"
},
{
"category": "external",
"summary": "1921540",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921540"
},
{
"category": "external",
"summary": "1921609",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921609"
},
{
"category": "external",
"summary": "1921625",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921625"
},
{
"category": "external",
"summary": "1922064",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1922064"
},
{
"category": "external",
"summary": "1922108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1922108"
},
{
"category": "external",
"summary": "1922113",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1922113"
},
{
"category": "external",
"summary": "1922119",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1922119"
},
{
"category": "external",
"summary": "1922421",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1922421"
},
{
"category": "external",
"summary": "1922954",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1922954"
},
{
"category": "external",
"summary": "1924185",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924185"
},
{
"category": "external",
"summary": "1924211",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924211"
},
{
"category": "external",
"summary": "1924634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924634"
},
{
"category": "external",
"summary": "1924784",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924784"
},
{
"category": "external",
"summary": "1924792",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924792"
},
{
"category": "external",
"summary": "1925055",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925055"
},
{
"category": "external",
"summary": "1925179",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925179"
},
{
"category": "external",
"summary": "1925249",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925249"
},
{
"category": "external",
"summary": "1925533",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925533"
},
{
"category": "external",
"summary": "1926182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1926182"
},
{
"category": "external",
"summary": "1926617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1926617"
},
{
"category": "external",
"summary": "1926717",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1926717"
},
{
"category": "external",
"summary": "1926831",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1926831"
},
{
"category": "external",
"summary": "1927128",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927128"
},
{
"category": "external",
"summary": "1927138",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927138"
},
{
"category": "external",
"summary": "1927186",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927186"
},
{
"category": "external",
"summary": "1927317",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927317"
},
{
"category": "external",
"summary": "1927330",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927330"
},
{
"category": "external",
"summary": "1927338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927338"
},
{
"category": "external",
"summary": "1927885",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927885"
},
{
"category": "external",
"summary": "1928063",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928063"
},
{
"category": "external",
"summary": "1928451",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928451"
},
{
"category": "external",
"summary": "1928471",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928471"
},
{
"category": "external",
"summary": "1928487",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928487"
},
{
"category": "external",
"summary": "1928642",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928642"
},
{
"category": "external",
"summary": "1931191",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1931191"
},
{
"category": "external",
"summary": "1931810",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1931810"
},
{
"category": "external",
"summary": "1931839",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1931839"
},
{
"category": "external",
"summary": "1932400",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932400"
},
{
"category": "external",
"summary": "1933607",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1933607"
},
{
"category": "external",
"summary": "1933609",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1933609"
},
{
"category": "external",
"summary": "1933736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1933736"
},
{
"category": "external",
"summary": "1934000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934000"
},
{
"category": "external",
"summary": "1934990",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934990"
},
{
"category": "external",
"summary": "1935342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935342"
},
{
"category": "external",
"summary": "1936545",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936545"
},
{
"category": "external",
"summary": "1936877",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936877"
},
{
"category": "external",
"summary": "1937070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937070"
},
{
"category": "external",
"summary": "1937100",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937100"
},
{
"category": "external",
"summary": "1937245",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937245"
},
{
"category": "external",
"summary": "1937768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937768"
},
{
"category": "external",
"summary": "1939026",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939026"
},
{
"category": "external",
"summary": "1939472",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939472"
},
{
"category": "external",
"summary": "1939617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939617"
},
{
"category": "external",
"summary": "1940440",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1940440"
},
{
"category": "external",
"summary": "1940476",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1940476"
},
{
"category": "external",
"summary": "1940957",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1940957"
},
{
"category": "external",
"summary": "1941647",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941647"
},
{
"category": "external",
"summary": "1941977",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941977"
},
{
"category": "external",
"summary": "1942344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942344"
},
{
"category": "external",
"summary": "1942350",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942350"
},
{
"category": "external",
"summary": "1942519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942519"
},
{
"category": "external",
"summary": "1943275",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1943275"
},
{
"category": "external",
"summary": "1943596",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1943596"
},
{
"category": "external",
"summary": "1944980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944980"
},
{
"category": "external",
"summary": "1946592",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1946592"
},
{
"category": "external",
"summary": "1946837",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1946837"
},
{
"category": "external",
"summary": "1955328",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1955328"
},
{
"category": "external",
"summary": "1955601",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1955601"
},
{
"category": "external",
"summary": "1957187",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1957187"
},
{
"category": "external",
"summary": "1957639",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1957639"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_2041.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Container Storage 4.7.0 security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2026-05-15T02:04:32+00:00",
"generator": {
"date": "2026-05-15T02:04:32+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2021:2041",
"initial_release_date": "2021-05-19T09:14:24+00:00",
"revision_history": [
{
"date": "2021-05-19T09:14:24+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-05-19T09:14:24+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-15T02:04:32+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Storage 4.7 on RHEL-8",
"product": {
"name": "Red Hat OpenShift Container Storage 4.7 on RHEL-8",
"product_id": "8Base-RH-OCS-4.7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_container_storage:4.7::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Container Storage"
},
{
"branches": [
{
"category": "product_version",
"name": "ocs4/cephcsi-rhel8@sha256:ac0ed0ba8ef78e3b46dcf6936f7d97ac4c0f85ac596f263880b56a12dac36234_amd64",
"product": {
"name": "ocs4/cephcsi-rhel8@sha256:ac0ed0ba8ef78e3b46dcf6936f7d97ac4c0f85ac596f263880b56a12dac36234_amd64",
"product_id": "ocs4/cephcsi-rhel8@sha256:ac0ed0ba8ef78e3b46dcf6936f7d97ac4c0f85ac596f263880b56a12dac36234_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel8@sha256:ac0ed0ba8ef78e3b46dcf6936f7d97ac4c0f85ac596f263880b56a12dac36234?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/cephcsi-rhel8\u0026tag=4.7-102.5c44836.release_4.7"
}
}
},
{
"category": "product_version",
"name": "ocs4/mcg-core-rhel8@sha256:5b1046b56cd5d7cbde64a3cfce800b76b3bd7fb0f535ac2382e97eb8fc93314c_amd64",
"product": {
"name": "ocs4/mcg-core-rhel8@sha256:5b1046b56cd5d7cbde64a3cfce800b76b3bd7fb0f535ac2382e97eb8fc93314c_amd64",
"product_id": "ocs4/mcg-core-rhel8@sha256:5b1046b56cd5d7cbde64a3cfce800b76b3bd7fb0f535ac2382e97eb8fc93314c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel8@sha256:5b1046b56cd5d7cbde64a3cfce800b76b3bd7fb0f535ac2382e97eb8fc93314c?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/mcg-core-rhel8\u0026tag=5.7.0-60.2c1fdb0.5.7"
}
}
},
{
"category": "product_version",
"name": "ocs4/mcg-rhel8-operator@sha256:21e57d86bcf007a70bc5e14ff5f0380a1ea26c4d2d2cdf191e9289d04b1f06e7_amd64",
"product": {
"name": "ocs4/mcg-rhel8-operator@sha256:21e57d86bcf007a70bc5e14ff5f0380a1ea26c4d2d2cdf191e9289d04b1f06e7_amd64",
"product_id": "ocs4/mcg-rhel8-operator@sha256:21e57d86bcf007a70bc5e14ff5f0380a1ea26c4d2d2cdf191e9289d04b1f06e7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel8-operator@sha256:21e57d86bcf007a70bc5e14ff5f0380a1ea26c4d2d2cdf191e9289d04b1f06e7?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/mcg-rhel8-operator\u0026tag=5.7.0-69.85e2026.5.7"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-must-gather-rhel8@sha256:ca93487e2344a02ab4da0eb010608082134c7e136f2b3cfa51a2d04b10313b3c_amd64",
"product": {
"name": "ocs4/ocs-must-gather-rhel8@sha256:ca93487e2344a02ab4da0eb010608082134c7e136f2b3cfa51a2d04b10313b3c_amd64",
"product_id": "ocs4/ocs-must-gather-rhel8@sha256:ca93487e2344a02ab4da0eb010608082134c7e136f2b3cfa51a2d04b10313b3c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-must-gather-rhel8@sha256:ca93487e2344a02ab4da0eb010608082134c7e136f2b3cfa51a2d04b10313b3c?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/ocs-must-gather-rhel8\u0026tag=4.7-174.7f14177.release_4.7"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-operator-bundle@sha256:70c98f7353bd302c55e6fa2f51cb4385309aafeb4a2901c94b44cee2846679fc_amd64",
"product": {
"name": "ocs4/ocs-operator-bundle@sha256:70c98f7353bd302c55e6fa2f51cb4385309aafeb4a2901c94b44cee2846679fc_amd64",
"product_id": "ocs4/ocs-operator-bundle@sha256:70c98f7353bd302c55e6fa2f51cb4385309aafeb4a2901c94b44cee2846679fc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-operator-bundle@sha256:70c98f7353bd302c55e6fa2f51cb4385309aafeb4a2901c94b44cee2846679fc?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/ocs-operator-bundle\u0026tag=4.7.0-11"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-rhel8-operator@sha256:f6319e4d6e32109deeaebe4d99cc18fd5a272c0655ba73fe2521ca63981efba6_amd64",
"product": {
"name": "ocs4/ocs-rhel8-operator@sha256:f6319e4d6e32109deeaebe4d99cc18fd5a272c0655ba73fe2521ca63981efba6_amd64",
"product_id": "ocs4/ocs-rhel8-operator@sha256:f6319e4d6e32109deeaebe4d99cc18fd5a272c0655ba73fe2521ca63981efba6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel8-operator@sha256:f6319e4d6e32109deeaebe4d99cc18fd5a272c0655ba73fe2521ca63981efba6?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/ocs-rhel8-operator\u0026tag=4.7-174.7f14177.release_4.7"
}
}
},
{
"category": "product_version",
"name": "ocs4/rook-ceph-rhel8-operator@sha256:de99a6b3cefa44dd22c637cfa2fb54c60d2b0e14970466cea19979e2e59668c7_amd64",
"product": {
"name": "ocs4/rook-ceph-rhel8-operator@sha256:de99a6b3cefa44dd22c637cfa2fb54c60d2b0e14970466cea19979e2e59668c7_amd64",
"product_id": "ocs4/rook-ceph-rhel8-operator@sha256:de99a6b3cefa44dd22c637cfa2fb54c60d2b0e14970466cea19979e2e59668c7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel8-operator@sha256:de99a6b3cefa44dd22c637cfa2fb54c60d2b0e14970466cea19979e2e59668c7?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/rook-ceph-rhel8-operator\u0026tag=4.7-140.49a6fcf.release_4.7"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "ocs4/cephcsi-rhel8@sha256:c7b09f1114aa36be379a9f52b3f156499bcd31d7537f1235a364129d1382497c_s390x",
"product": {
"name": "ocs4/cephcsi-rhel8@sha256:c7b09f1114aa36be379a9f52b3f156499bcd31d7537f1235a364129d1382497c_s390x",
"product_id": "ocs4/cephcsi-rhel8@sha256:c7b09f1114aa36be379a9f52b3f156499bcd31d7537f1235a364129d1382497c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel8@sha256:c7b09f1114aa36be379a9f52b3f156499bcd31d7537f1235a364129d1382497c?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/cephcsi-rhel8\u0026tag=4.7-102.5c44836.release_4.7"
}
}
},
{
"category": "product_version",
"name": "ocs4/mcg-core-rhel8@sha256:725dd955d4a2a4c27405d7c0d3141384c1e5bb52276056bc7ab8a35d124dcc0e_s390x",
"product": {
"name": "ocs4/mcg-core-rhel8@sha256:725dd955d4a2a4c27405d7c0d3141384c1e5bb52276056bc7ab8a35d124dcc0e_s390x",
"product_id": "ocs4/mcg-core-rhel8@sha256:725dd955d4a2a4c27405d7c0d3141384c1e5bb52276056bc7ab8a35d124dcc0e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel8@sha256:725dd955d4a2a4c27405d7c0d3141384c1e5bb52276056bc7ab8a35d124dcc0e?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/mcg-core-rhel8\u0026tag=5.7.0-60.2c1fdb0.5.7"
}
}
},
{
"category": "product_version",
"name": "ocs4/mcg-rhel8-operator@sha256:94dccc304395df6d8b37f8371737646d07cf289f83b30c78c353e9a4dec05b76_s390x",
"product": {
"name": "ocs4/mcg-rhel8-operator@sha256:94dccc304395df6d8b37f8371737646d07cf289f83b30c78c353e9a4dec05b76_s390x",
"product_id": "ocs4/mcg-rhel8-operator@sha256:94dccc304395df6d8b37f8371737646d07cf289f83b30c78c353e9a4dec05b76_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel8-operator@sha256:94dccc304395df6d8b37f8371737646d07cf289f83b30c78c353e9a4dec05b76?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/mcg-rhel8-operator\u0026tag=5.7.0-69.85e2026.5.7"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-must-gather-rhel8@sha256:6512915dabeef1d170bd2a61339d6849c175082151bc2f273bef1036738456e0_s390x",
"product": {
"name": "ocs4/ocs-must-gather-rhel8@sha256:6512915dabeef1d170bd2a61339d6849c175082151bc2f273bef1036738456e0_s390x",
"product_id": "ocs4/ocs-must-gather-rhel8@sha256:6512915dabeef1d170bd2a61339d6849c175082151bc2f273bef1036738456e0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-must-gather-rhel8@sha256:6512915dabeef1d170bd2a61339d6849c175082151bc2f273bef1036738456e0?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/ocs-must-gather-rhel8\u0026tag=4.7-174.7f14177.release_4.7"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-operator-bundle@sha256:bce44dc4b764b9b3e99d5d2cdc2242667195d6802ee1a5f1f692aa6e633e5660_s390x",
"product": {
"name": "ocs4/ocs-operator-bundle@sha256:bce44dc4b764b9b3e99d5d2cdc2242667195d6802ee1a5f1f692aa6e633e5660_s390x",
"product_id": "ocs4/ocs-operator-bundle@sha256:bce44dc4b764b9b3e99d5d2cdc2242667195d6802ee1a5f1f692aa6e633e5660_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-operator-bundle@sha256:bce44dc4b764b9b3e99d5d2cdc2242667195d6802ee1a5f1f692aa6e633e5660?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/ocs-operator-bundle\u0026tag=4.7.0-11"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-rhel8-operator@sha256:e715a9a62462de6c45ca82a3acc5d622d2df12ce965d226eb0a90f1cbfa212c5_s390x",
"product": {
"name": "ocs4/ocs-rhel8-operator@sha256:e715a9a62462de6c45ca82a3acc5d622d2df12ce965d226eb0a90f1cbfa212c5_s390x",
"product_id": "ocs4/ocs-rhel8-operator@sha256:e715a9a62462de6c45ca82a3acc5d622d2df12ce965d226eb0a90f1cbfa212c5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel8-operator@sha256:e715a9a62462de6c45ca82a3acc5d622d2df12ce965d226eb0a90f1cbfa212c5?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/ocs-rhel8-operator\u0026tag=4.7-174.7f14177.release_4.7"
}
}
},
{
"category": "product_version",
"name": "ocs4/rook-ceph-rhel8-operator@sha256:1c57a22591b2277403200cf3e254badcc827416fc01efabfd12c03c265a491b2_s390x",
"product": {
"name": "ocs4/rook-ceph-rhel8-operator@sha256:1c57a22591b2277403200cf3e254badcc827416fc01efabfd12c03c265a491b2_s390x",
"product_id": "ocs4/rook-ceph-rhel8-operator@sha256:1c57a22591b2277403200cf3e254badcc827416fc01efabfd12c03c265a491b2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel8-operator@sha256:1c57a22591b2277403200cf3e254badcc827416fc01efabfd12c03c265a491b2?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/rook-ceph-rhel8-operator\u0026tag=4.7-140.49a6fcf.release_4.7"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ocs4/cephcsi-rhel8@sha256:779479e90095b760fdca7da317aaf09f76b453aa262bd3c1ac0f41f7af483a2d_ppc64le",
"product": {
"name": "ocs4/cephcsi-rhel8@sha256:779479e90095b760fdca7da317aaf09f76b453aa262bd3c1ac0f41f7af483a2d_ppc64le",
"product_id": "ocs4/cephcsi-rhel8@sha256:779479e90095b760fdca7da317aaf09f76b453aa262bd3c1ac0f41f7af483a2d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel8@sha256:779479e90095b760fdca7da317aaf09f76b453aa262bd3c1ac0f41f7af483a2d?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/cephcsi-rhel8\u0026tag=4.7-102.5c44836.release_4.7"
}
}
},
{
"category": "product_version",
"name": "ocs4/mcg-core-rhel8@sha256:22037eb4c589c5ccf921cd15bb3c82d75fac298d2b53344575c2af7c22d5353c_ppc64le",
"product": {
"name": "ocs4/mcg-core-rhel8@sha256:22037eb4c589c5ccf921cd15bb3c82d75fac298d2b53344575c2af7c22d5353c_ppc64le",
"product_id": "ocs4/mcg-core-rhel8@sha256:22037eb4c589c5ccf921cd15bb3c82d75fac298d2b53344575c2af7c22d5353c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel8@sha256:22037eb4c589c5ccf921cd15bb3c82d75fac298d2b53344575c2af7c22d5353c?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/mcg-core-rhel8\u0026tag=5.7.0-60.2c1fdb0.5.7"
}
}
},
{
"category": "product_version",
"name": "ocs4/mcg-rhel8-operator@sha256:bae35f5a3ac521dedd50d8852920f99a3f1c94d1a31a51856eefa24e94516142_ppc64le",
"product": {
"name": "ocs4/mcg-rhel8-operator@sha256:bae35f5a3ac521dedd50d8852920f99a3f1c94d1a31a51856eefa24e94516142_ppc64le",
"product_id": "ocs4/mcg-rhel8-operator@sha256:bae35f5a3ac521dedd50d8852920f99a3f1c94d1a31a51856eefa24e94516142_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel8-operator@sha256:bae35f5a3ac521dedd50d8852920f99a3f1c94d1a31a51856eefa24e94516142?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/mcg-rhel8-operator\u0026tag=5.7.0-69.85e2026.5.7"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-must-gather-rhel8@sha256:5e4df11fa489a5aa7a03ff3983c9a35143e3a76667ea652c39b499dbacb9a11d_ppc64le",
"product": {
"name": "ocs4/ocs-must-gather-rhel8@sha256:5e4df11fa489a5aa7a03ff3983c9a35143e3a76667ea652c39b499dbacb9a11d_ppc64le",
"product_id": "ocs4/ocs-must-gather-rhel8@sha256:5e4df11fa489a5aa7a03ff3983c9a35143e3a76667ea652c39b499dbacb9a11d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-must-gather-rhel8@sha256:5e4df11fa489a5aa7a03ff3983c9a35143e3a76667ea652c39b499dbacb9a11d?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/ocs-must-gather-rhel8\u0026tag=4.7-174.7f14177.release_4.7"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-operator-bundle@sha256:97f334a7c2d147e0cfded896355f7406bd2c893783011e345dbcb474850d0047_ppc64le",
"product": {
"name": "ocs4/ocs-operator-bundle@sha256:97f334a7c2d147e0cfded896355f7406bd2c893783011e345dbcb474850d0047_ppc64le",
"product_id": "ocs4/ocs-operator-bundle@sha256:97f334a7c2d147e0cfded896355f7406bd2c893783011e345dbcb474850d0047_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-operator-bundle@sha256:97f334a7c2d147e0cfded896355f7406bd2c893783011e345dbcb474850d0047?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/ocs-operator-bundle\u0026tag=4.7.0-11"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-rhel8-operator@sha256:7dca985a1723e1c2169124a70182fd29a633ac7b9e9fa28ae24635e203003bc6_ppc64le",
"product": {
"name": "ocs4/ocs-rhel8-operator@sha256:7dca985a1723e1c2169124a70182fd29a633ac7b9e9fa28ae24635e203003bc6_ppc64le",
"product_id": "ocs4/ocs-rhel8-operator@sha256:7dca985a1723e1c2169124a70182fd29a633ac7b9e9fa28ae24635e203003bc6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel8-operator@sha256:7dca985a1723e1c2169124a70182fd29a633ac7b9e9fa28ae24635e203003bc6?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/ocs-rhel8-operator\u0026tag=4.7-174.7f14177.release_4.7"
}
}
},
{
"category": "product_version",
"name": "ocs4/rook-ceph-rhel8-operator@sha256:e25dc5fd74d37ea3b00898557b71cdefc7d508e748bfb230e18db7c2e3d526f4_ppc64le",
"product": {
"name": "ocs4/rook-ceph-rhel8-operator@sha256:e25dc5fd74d37ea3b00898557b71cdefc7d508e748bfb230e18db7c2e3d526f4_ppc64le",
"product_id": "ocs4/rook-ceph-rhel8-operator@sha256:e25dc5fd74d37ea3b00898557b71cdefc7d508e748bfb230e18db7c2e3d526f4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel8-operator@sha256:e25dc5fd74d37ea3b00898557b71cdefc7d508e748bfb230e18db7c2e3d526f4?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/rook-ceph-rhel8-operator\u0026tag=4.7-140.49a6fcf.release_4.7"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/cephcsi-rhel8@sha256:779479e90095b760fdca7da317aaf09f76b453aa262bd3c1ac0f41f7af483a2d_ppc64le as a component of Red Hat OpenShift Container Storage 4.7 on RHEL-8",
"product_id": "8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:779479e90095b760fdca7da317aaf09f76b453aa262bd3c1ac0f41f7af483a2d_ppc64le"
},
"product_reference": "ocs4/cephcsi-rhel8@sha256:779479e90095b760fdca7da317aaf09f76b453aa262bd3c1ac0f41f7af483a2d_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/cephcsi-rhel8@sha256:ac0ed0ba8ef78e3b46dcf6936f7d97ac4c0f85ac596f263880b56a12dac36234_amd64 as a component of Red Hat OpenShift Container Storage 4.7 on RHEL-8",
"product_id": "8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:ac0ed0ba8ef78e3b46dcf6936f7d97ac4c0f85ac596f263880b56a12dac36234_amd64"
},
"product_reference": "ocs4/cephcsi-rhel8@sha256:ac0ed0ba8ef78e3b46dcf6936f7d97ac4c0f85ac596f263880b56a12dac36234_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/cephcsi-rhel8@sha256:c7b09f1114aa36be379a9f52b3f156499bcd31d7537f1235a364129d1382497c_s390x as a component of Red Hat OpenShift Container Storage 4.7 on RHEL-8",
"product_id": "8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:c7b09f1114aa36be379a9f52b3f156499bcd31d7537f1235a364129d1382497c_s390x"
},
"product_reference": "ocs4/cephcsi-rhel8@sha256:c7b09f1114aa36be379a9f52b3f156499bcd31d7537f1235a364129d1382497c_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/mcg-core-rhel8@sha256:22037eb4c589c5ccf921cd15bb3c82d75fac298d2b53344575c2af7c22d5353c_ppc64le as a component of Red Hat OpenShift Container Storage 4.7 on RHEL-8",
"product_id": "8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:22037eb4c589c5ccf921cd15bb3c82d75fac298d2b53344575c2af7c22d5353c_ppc64le"
},
"product_reference": "ocs4/mcg-core-rhel8@sha256:22037eb4c589c5ccf921cd15bb3c82d75fac298d2b53344575c2af7c22d5353c_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/mcg-core-rhel8@sha256:5b1046b56cd5d7cbde64a3cfce800b76b3bd7fb0f535ac2382e97eb8fc93314c_amd64 as a component of Red Hat OpenShift Container Storage 4.7 on RHEL-8",
"product_id": "8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:5b1046b56cd5d7cbde64a3cfce800b76b3bd7fb0f535ac2382e97eb8fc93314c_amd64"
},
"product_reference": "ocs4/mcg-core-rhel8@sha256:5b1046b56cd5d7cbde64a3cfce800b76b3bd7fb0f535ac2382e97eb8fc93314c_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/mcg-core-rhel8@sha256:725dd955d4a2a4c27405d7c0d3141384c1e5bb52276056bc7ab8a35d124dcc0e_s390x as a component of Red Hat OpenShift Container Storage 4.7 on RHEL-8",
"product_id": "8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:725dd955d4a2a4c27405d7c0d3141384c1e5bb52276056bc7ab8a35d124dcc0e_s390x"
},
"product_reference": "ocs4/mcg-core-rhel8@sha256:725dd955d4a2a4c27405d7c0d3141384c1e5bb52276056bc7ab8a35d124dcc0e_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/mcg-rhel8-operator@sha256:21e57d86bcf007a70bc5e14ff5f0380a1ea26c4d2d2cdf191e9289d04b1f06e7_amd64 as a component of Red Hat OpenShift Container Storage 4.7 on RHEL-8",
"product_id": "8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:21e57d86bcf007a70bc5e14ff5f0380a1ea26c4d2d2cdf191e9289d04b1f06e7_amd64"
},
"product_reference": "ocs4/mcg-rhel8-operator@sha256:21e57d86bcf007a70bc5e14ff5f0380a1ea26c4d2d2cdf191e9289d04b1f06e7_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/mcg-rhel8-operator@sha256:94dccc304395df6d8b37f8371737646d07cf289f83b30c78c353e9a4dec05b76_s390x as a component of Red Hat OpenShift Container Storage 4.7 on RHEL-8",
"product_id": "8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:94dccc304395df6d8b37f8371737646d07cf289f83b30c78c353e9a4dec05b76_s390x"
},
"product_reference": "ocs4/mcg-rhel8-operator@sha256:94dccc304395df6d8b37f8371737646d07cf289f83b30c78c353e9a4dec05b76_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/mcg-rhel8-operator@sha256:bae35f5a3ac521dedd50d8852920f99a3f1c94d1a31a51856eefa24e94516142_ppc64le as a component of Red Hat OpenShift Container Storage 4.7 on RHEL-8",
"product_id": "8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:bae35f5a3ac521dedd50d8852920f99a3f1c94d1a31a51856eefa24e94516142_ppc64le"
},
"product_reference": "ocs4/mcg-rhel8-operator@sha256:bae35f5a3ac521dedd50d8852920f99a3f1c94d1a31a51856eefa24e94516142_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-must-gather-rhel8@sha256:5e4df11fa489a5aa7a03ff3983c9a35143e3a76667ea652c39b499dbacb9a11d_ppc64le as a component of Red Hat OpenShift Container Storage 4.7 on RHEL-8",
"product_id": "8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:5e4df11fa489a5aa7a03ff3983c9a35143e3a76667ea652c39b499dbacb9a11d_ppc64le"
},
"product_reference": "ocs4/ocs-must-gather-rhel8@sha256:5e4df11fa489a5aa7a03ff3983c9a35143e3a76667ea652c39b499dbacb9a11d_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-must-gather-rhel8@sha256:6512915dabeef1d170bd2a61339d6849c175082151bc2f273bef1036738456e0_s390x as a component of Red Hat OpenShift Container Storage 4.7 on RHEL-8",
"product_id": "8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:6512915dabeef1d170bd2a61339d6849c175082151bc2f273bef1036738456e0_s390x"
},
"product_reference": "ocs4/ocs-must-gather-rhel8@sha256:6512915dabeef1d170bd2a61339d6849c175082151bc2f273bef1036738456e0_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-must-gather-rhel8@sha256:ca93487e2344a02ab4da0eb010608082134c7e136f2b3cfa51a2d04b10313b3c_amd64 as a component of Red Hat OpenShift Container Storage 4.7 on RHEL-8",
"product_id": "8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:ca93487e2344a02ab4da0eb010608082134c7e136f2b3cfa51a2d04b10313b3c_amd64"
},
"product_reference": "ocs4/ocs-must-gather-rhel8@sha256:ca93487e2344a02ab4da0eb010608082134c7e136f2b3cfa51a2d04b10313b3c_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-operator-bundle@sha256:70c98f7353bd302c55e6fa2f51cb4385309aafeb4a2901c94b44cee2846679fc_amd64 as a component of Red Hat OpenShift Container Storage 4.7 on RHEL-8",
"product_id": "8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:70c98f7353bd302c55e6fa2f51cb4385309aafeb4a2901c94b44cee2846679fc_amd64"
},
"product_reference": "ocs4/ocs-operator-bundle@sha256:70c98f7353bd302c55e6fa2f51cb4385309aafeb4a2901c94b44cee2846679fc_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-operator-bundle@sha256:97f334a7c2d147e0cfded896355f7406bd2c893783011e345dbcb474850d0047_ppc64le as a component of Red Hat OpenShift Container Storage 4.7 on RHEL-8",
"product_id": "8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:97f334a7c2d147e0cfded896355f7406bd2c893783011e345dbcb474850d0047_ppc64le"
},
"product_reference": "ocs4/ocs-operator-bundle@sha256:97f334a7c2d147e0cfded896355f7406bd2c893783011e345dbcb474850d0047_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-operator-bundle@sha256:bce44dc4b764b9b3e99d5d2cdc2242667195d6802ee1a5f1f692aa6e633e5660_s390x as a component of Red Hat OpenShift Container Storage 4.7 on RHEL-8",
"product_id": "8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:bce44dc4b764b9b3e99d5d2cdc2242667195d6802ee1a5f1f692aa6e633e5660_s390x"
},
"product_reference": "ocs4/ocs-operator-bundle@sha256:bce44dc4b764b9b3e99d5d2cdc2242667195d6802ee1a5f1f692aa6e633e5660_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-rhel8-operator@sha256:7dca985a1723e1c2169124a70182fd29a633ac7b9e9fa28ae24635e203003bc6_ppc64le as a component of Red Hat OpenShift Container Storage 4.7 on RHEL-8",
"product_id": "8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:7dca985a1723e1c2169124a70182fd29a633ac7b9e9fa28ae24635e203003bc6_ppc64le"
},
"product_reference": "ocs4/ocs-rhel8-operator@sha256:7dca985a1723e1c2169124a70182fd29a633ac7b9e9fa28ae24635e203003bc6_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-rhel8-operator@sha256:e715a9a62462de6c45ca82a3acc5d622d2df12ce965d226eb0a90f1cbfa212c5_s390x as a component of Red Hat OpenShift Container Storage 4.7 on RHEL-8",
"product_id": "8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:e715a9a62462de6c45ca82a3acc5d622d2df12ce965d226eb0a90f1cbfa212c5_s390x"
},
"product_reference": "ocs4/ocs-rhel8-operator@sha256:e715a9a62462de6c45ca82a3acc5d622d2df12ce965d226eb0a90f1cbfa212c5_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-rhel8-operator@sha256:f6319e4d6e32109deeaebe4d99cc18fd5a272c0655ba73fe2521ca63981efba6_amd64 as a component of Red Hat OpenShift Container Storage 4.7 on RHEL-8",
"product_id": "8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:f6319e4d6e32109deeaebe4d99cc18fd5a272c0655ba73fe2521ca63981efba6_amd64"
},
"product_reference": "ocs4/ocs-rhel8-operator@sha256:f6319e4d6e32109deeaebe4d99cc18fd5a272c0655ba73fe2521ca63981efba6_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/rook-ceph-rhel8-operator@sha256:1c57a22591b2277403200cf3e254badcc827416fc01efabfd12c03c265a491b2_s390x as a component of Red Hat OpenShift Container Storage 4.7 on RHEL-8",
"product_id": "8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:1c57a22591b2277403200cf3e254badcc827416fc01efabfd12c03c265a491b2_s390x"
},
"product_reference": "ocs4/rook-ceph-rhel8-operator@sha256:1c57a22591b2277403200cf3e254badcc827416fc01efabfd12c03c265a491b2_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/rook-ceph-rhel8-operator@sha256:de99a6b3cefa44dd22c637cfa2fb54c60d2b0e14970466cea19979e2e59668c7_amd64 as a component of Red Hat OpenShift Container Storage 4.7 on RHEL-8",
"product_id": "8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:de99a6b3cefa44dd22c637cfa2fb54c60d2b0e14970466cea19979e2e59668c7_amd64"
},
"product_reference": "ocs4/rook-ceph-rhel8-operator@sha256:de99a6b3cefa44dd22c637cfa2fb54c60d2b0e14970466cea19979e2e59668c7_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/rook-ceph-rhel8-operator@sha256:e25dc5fd74d37ea3b00898557b71cdefc7d508e748bfb230e18db7c2e3d526f4_ppc64le as a component of Red Hat OpenShift Container Storage 4.7 on RHEL-8",
"product_id": "8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:e25dc5fd74d37ea3b00898557b71cdefc7d508e748bfb230e18db7c2e3d526f4_ppc64le"
},
"product_reference": "ocs4/rook-ceph-rhel8-operator@sha256:e25dc5fd74d37ea3b00898557b71cdefc7d508e748bfb230e18db7c2e3d526f4_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-7608",
"cwe": {
"id": "CWE-267",
"name": "Privilege Defined With Unsafe Actions"
},
"discovery_date": "2020-05-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:779479e90095b760fdca7da317aaf09f76b453aa262bd3c1ac0f41f7af483a2d_ppc64le",
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:ac0ed0ba8ef78e3b46dcf6936f7d97ac4c0f85ac596f263880b56a12dac36234_amd64",
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:c7b09f1114aa36be379a9f52b3f156499bcd31d7537f1235a364129d1382497c_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:21e57d86bcf007a70bc5e14ff5f0380a1ea26c4d2d2cdf191e9289d04b1f06e7_amd64",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:94dccc304395df6d8b37f8371737646d07cf289f83b30c78c353e9a4dec05b76_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:bae35f5a3ac521dedd50d8852920f99a3f1c94d1a31a51856eefa24e94516142_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:5e4df11fa489a5aa7a03ff3983c9a35143e3a76667ea652c39b499dbacb9a11d_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:6512915dabeef1d170bd2a61339d6849c175082151bc2f273bef1036738456e0_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:ca93487e2344a02ab4da0eb010608082134c7e136f2b3cfa51a2d04b10313b3c_amd64",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:70c98f7353bd302c55e6fa2f51cb4385309aafeb4a2901c94b44cee2846679fc_amd64",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:97f334a7c2d147e0cfded896355f7406bd2c893783011e345dbcb474850d0047_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:bce44dc4b764b9b3e99d5d2cdc2242667195d6802ee1a5f1f692aa6e633e5660_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:7dca985a1723e1c2169124a70182fd29a633ac7b9e9fa28ae24635e203003bc6_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:e715a9a62462de6c45ca82a3acc5d622d2df12ce965d226eb0a90f1cbfa212c5_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:f6319e4d6e32109deeaebe4d99cc18fd5a272c0655ba73fe2521ca63981efba6_amd64",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:1c57a22591b2277403200cf3e254badcc827416fc01efabfd12c03c265a491b2_s390x",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:de99a6b3cefa44dd22c637cfa2fb54c60d2b0e14970466cea19979e2e59668c7_amd64",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:e25dc5fd74d37ea3b00898557b71cdefc7d508e748bfb230e18db7c2e3d526f4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1840004"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in nodesjs-yargs-parser, where it can be tricked into adding or modifying properties of the Object.prototype using a \"__proto__\" payload. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-yargs-parser: prototype pollution vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:22037eb4c589c5ccf921cd15bb3c82d75fac298d2b53344575c2af7c22d5353c_ppc64le",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:5b1046b56cd5d7cbde64a3cfce800b76b3bd7fb0f535ac2382e97eb8fc93314c_amd64",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:725dd955d4a2a4c27405d7c0d3141384c1e5bb52276056bc7ab8a35d124dcc0e_s390x"
],
"known_not_affected": [
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:779479e90095b760fdca7da317aaf09f76b453aa262bd3c1ac0f41f7af483a2d_ppc64le",
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:ac0ed0ba8ef78e3b46dcf6936f7d97ac4c0f85ac596f263880b56a12dac36234_amd64",
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:c7b09f1114aa36be379a9f52b3f156499bcd31d7537f1235a364129d1382497c_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:21e57d86bcf007a70bc5e14ff5f0380a1ea26c4d2d2cdf191e9289d04b1f06e7_amd64",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:94dccc304395df6d8b37f8371737646d07cf289f83b30c78c353e9a4dec05b76_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:bae35f5a3ac521dedd50d8852920f99a3f1c94d1a31a51856eefa24e94516142_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:5e4df11fa489a5aa7a03ff3983c9a35143e3a76667ea652c39b499dbacb9a11d_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:6512915dabeef1d170bd2a61339d6849c175082151bc2f273bef1036738456e0_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:ca93487e2344a02ab4da0eb010608082134c7e136f2b3cfa51a2d04b10313b3c_amd64",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:70c98f7353bd302c55e6fa2f51cb4385309aafeb4a2901c94b44cee2846679fc_amd64",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:97f334a7c2d147e0cfded896355f7406bd2c893783011e345dbcb474850d0047_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:bce44dc4b764b9b3e99d5d2cdc2242667195d6802ee1a5f1f692aa6e633e5660_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:7dca985a1723e1c2169124a70182fd29a633ac7b9e9fa28ae24635e203003bc6_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:e715a9a62462de6c45ca82a3acc5d622d2df12ce965d226eb0a90f1cbfa212c5_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:f6319e4d6e32109deeaebe4d99cc18fd5a272c0655ba73fe2521ca63981efba6_amd64",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:1c57a22591b2277403200cf3e254badcc827416fc01efabfd12c03c265a491b2_s390x",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:de99a6b3cefa44dd22c637cfa2fb54c60d2b0e14970466cea19979e2e59668c7_amd64",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:e25dc5fd74d37ea3b00898557b71cdefc7d508e748bfb230e18db7c2e3d526f4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-7608"
},
{
"category": "external",
"summary": "RHBZ#1840004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1840004"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-7608",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7608"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-7608",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7608"
}
],
"release_date": "2020-03-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-19T09:14:24+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:22037eb4c589c5ccf921cd15bb3c82d75fac298d2b53344575c2af7c22d5353c_ppc64le",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:5b1046b56cd5d7cbde64a3cfce800b76b3bd7fb0f535ac2382e97eb8fc93314c_amd64",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:725dd955d4a2a4c27405d7c0d3141384c1e5bb52276056bc7ab8a35d124dcc0e_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2041"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:779479e90095b760fdca7da317aaf09f76b453aa262bd3c1ac0f41f7af483a2d_ppc64le",
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:ac0ed0ba8ef78e3b46dcf6936f7d97ac4c0f85ac596f263880b56a12dac36234_amd64",
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:c7b09f1114aa36be379a9f52b3f156499bcd31d7537f1235a364129d1382497c_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:22037eb4c589c5ccf921cd15bb3c82d75fac298d2b53344575c2af7c22d5353c_ppc64le",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:5b1046b56cd5d7cbde64a3cfce800b76b3bd7fb0f535ac2382e97eb8fc93314c_amd64",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:725dd955d4a2a4c27405d7c0d3141384c1e5bb52276056bc7ab8a35d124dcc0e_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:21e57d86bcf007a70bc5e14ff5f0380a1ea26c4d2d2cdf191e9289d04b1f06e7_amd64",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:94dccc304395df6d8b37f8371737646d07cf289f83b30c78c353e9a4dec05b76_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:bae35f5a3ac521dedd50d8852920f99a3f1c94d1a31a51856eefa24e94516142_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:5e4df11fa489a5aa7a03ff3983c9a35143e3a76667ea652c39b499dbacb9a11d_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:6512915dabeef1d170bd2a61339d6849c175082151bc2f273bef1036738456e0_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:ca93487e2344a02ab4da0eb010608082134c7e136f2b3cfa51a2d04b10313b3c_amd64",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:70c98f7353bd302c55e6fa2f51cb4385309aafeb4a2901c94b44cee2846679fc_amd64",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:97f334a7c2d147e0cfded896355f7406bd2c893783011e345dbcb474850d0047_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:bce44dc4b764b9b3e99d5d2cdc2242667195d6802ee1a5f1f692aa6e633e5660_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:7dca985a1723e1c2169124a70182fd29a633ac7b9e9fa28ae24635e203003bc6_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:e715a9a62462de6c45ca82a3acc5d622d2df12ce965d226eb0a90f1cbfa212c5_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:f6319e4d6e32109deeaebe4d99cc18fd5a272c0655ba73fe2521ca63981efba6_amd64",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:1c57a22591b2277403200cf3e254badcc827416fc01efabfd12c03c265a491b2_s390x",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:de99a6b3cefa44dd22c637cfa2fb54c60d2b0e14970466cea19979e2e59668c7_amd64",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:e25dc5fd74d37ea3b00898557b71cdefc7d508e748bfb230e18db7c2e3d526f4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-yargs-parser: prototype pollution vulnerability"
},
{
"cve": "CVE-2020-7774",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:779479e90095b760fdca7da317aaf09f76b453aa262bd3c1ac0f41f7af483a2d_ppc64le",
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:ac0ed0ba8ef78e3b46dcf6936f7d97ac4c0f85ac596f263880b56a12dac36234_amd64",
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:c7b09f1114aa36be379a9f52b3f156499bcd31d7537f1235a364129d1382497c_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:21e57d86bcf007a70bc5e14ff5f0380a1ea26c4d2d2cdf191e9289d04b1f06e7_amd64",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:94dccc304395df6d8b37f8371737646d07cf289f83b30c78c353e9a4dec05b76_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:bae35f5a3ac521dedd50d8852920f99a3f1c94d1a31a51856eefa24e94516142_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:5e4df11fa489a5aa7a03ff3983c9a35143e3a76667ea652c39b499dbacb9a11d_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:6512915dabeef1d170bd2a61339d6849c175082151bc2f273bef1036738456e0_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:ca93487e2344a02ab4da0eb010608082134c7e136f2b3cfa51a2d04b10313b3c_amd64",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:70c98f7353bd302c55e6fa2f51cb4385309aafeb4a2901c94b44cee2846679fc_amd64",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:97f334a7c2d147e0cfded896355f7406bd2c893783011e345dbcb474850d0047_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:bce44dc4b764b9b3e99d5d2cdc2242667195d6802ee1a5f1f692aa6e633e5660_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:7dca985a1723e1c2169124a70182fd29a633ac7b9e9fa28ae24635e203003bc6_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:e715a9a62462de6c45ca82a3acc5d622d2df12ce965d226eb0a90f1cbfa212c5_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:f6319e4d6e32109deeaebe4d99cc18fd5a272c0655ba73fe2521ca63981efba6_amd64",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:1c57a22591b2277403200cf3e254badcc827416fc01efabfd12c03c265a491b2_s390x",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:de99a6b3cefa44dd22c637cfa2fb54c60d2b0e14970466cea19979e2e59668c7_amd64",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:e25dc5fd74d37ea3b00898557b71cdefc7d508e748bfb230e18db7c2e3d526f4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898680"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-y18n. There is a prototype pollution vulnerability in y18n\u0027s locale functionality. If an attacker is able to provide untrusted input via locale, they may be able to cause denial of service or in rare circumstances, impact to data integrity or confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-y18n: prototype pollution vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP), OpenShift ServiceMesh (OSSM) and OpenShift distributed tracing the affected components are behind OpenShift OAuth authentication. This restricts access to the vulnerable nodejs-y18n library to authenticated users only, therefore the impact is Low.\n\nIn Red Hat OpenShift Container Storage 4 the noobaa-core container includes the affected version of y18n as a dependency of yargs. However, no unsafe usage found where the module accepts untrusted input and hence this issue has been rated as having a security impact of Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:22037eb4c589c5ccf921cd15bb3c82d75fac298d2b53344575c2af7c22d5353c_ppc64le",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:5b1046b56cd5d7cbde64a3cfce800b76b3bd7fb0f535ac2382e97eb8fc93314c_amd64",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:725dd955d4a2a4c27405d7c0d3141384c1e5bb52276056bc7ab8a35d124dcc0e_s390x"
],
"known_not_affected": [
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:779479e90095b760fdca7da317aaf09f76b453aa262bd3c1ac0f41f7af483a2d_ppc64le",
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:ac0ed0ba8ef78e3b46dcf6936f7d97ac4c0f85ac596f263880b56a12dac36234_amd64",
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:c7b09f1114aa36be379a9f52b3f156499bcd31d7537f1235a364129d1382497c_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:21e57d86bcf007a70bc5e14ff5f0380a1ea26c4d2d2cdf191e9289d04b1f06e7_amd64",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:94dccc304395df6d8b37f8371737646d07cf289f83b30c78c353e9a4dec05b76_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:bae35f5a3ac521dedd50d8852920f99a3f1c94d1a31a51856eefa24e94516142_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:5e4df11fa489a5aa7a03ff3983c9a35143e3a76667ea652c39b499dbacb9a11d_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:6512915dabeef1d170bd2a61339d6849c175082151bc2f273bef1036738456e0_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:ca93487e2344a02ab4da0eb010608082134c7e136f2b3cfa51a2d04b10313b3c_amd64",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:70c98f7353bd302c55e6fa2f51cb4385309aafeb4a2901c94b44cee2846679fc_amd64",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:97f334a7c2d147e0cfded896355f7406bd2c893783011e345dbcb474850d0047_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:bce44dc4b764b9b3e99d5d2cdc2242667195d6802ee1a5f1f692aa6e633e5660_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:7dca985a1723e1c2169124a70182fd29a633ac7b9e9fa28ae24635e203003bc6_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:e715a9a62462de6c45ca82a3acc5d622d2df12ce965d226eb0a90f1cbfa212c5_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:f6319e4d6e32109deeaebe4d99cc18fd5a272c0655ba73fe2521ca63981efba6_amd64",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:1c57a22591b2277403200cf3e254badcc827416fc01efabfd12c03c265a491b2_s390x",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:de99a6b3cefa44dd22c637cfa2fb54c60d2b0e14970466cea19979e2e59668c7_amd64",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:e25dc5fd74d37ea3b00898557b71cdefc7d508e748bfb230e18db7c2e3d526f4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-7774"
},
{
"category": "external",
"summary": "RHBZ#1898680",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898680"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-7774",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7774"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-7774",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7774"
},
{
"category": "external",
"summary": "https://snyk.io/vuln/SNYK-JS-Y18N-1021887",
"url": "https://snyk.io/vuln/SNYK-JS-Y18N-1021887"
}
],
"release_date": "2020-10-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-19T09:14:24+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:22037eb4c589c5ccf921cd15bb3c82d75fac298d2b53344575c2af7c22d5353c_ppc64le",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:5b1046b56cd5d7cbde64a3cfce800b76b3bd7fb0f535ac2382e97eb8fc93314c_amd64",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:725dd955d4a2a4c27405d7c0d3141384c1e5bb52276056bc7ab8a35d124dcc0e_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2041"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:779479e90095b760fdca7da317aaf09f76b453aa262bd3c1ac0f41f7af483a2d_ppc64le",
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:ac0ed0ba8ef78e3b46dcf6936f7d97ac4c0f85ac596f263880b56a12dac36234_amd64",
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:c7b09f1114aa36be379a9f52b3f156499bcd31d7537f1235a364129d1382497c_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:22037eb4c589c5ccf921cd15bb3c82d75fac298d2b53344575c2af7c22d5353c_ppc64le",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:5b1046b56cd5d7cbde64a3cfce800b76b3bd7fb0f535ac2382e97eb8fc93314c_amd64",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:725dd955d4a2a4c27405d7c0d3141384c1e5bb52276056bc7ab8a35d124dcc0e_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:21e57d86bcf007a70bc5e14ff5f0380a1ea26c4d2d2cdf191e9289d04b1f06e7_amd64",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:94dccc304395df6d8b37f8371737646d07cf289f83b30c78c353e9a4dec05b76_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:bae35f5a3ac521dedd50d8852920f99a3f1c94d1a31a51856eefa24e94516142_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:5e4df11fa489a5aa7a03ff3983c9a35143e3a76667ea652c39b499dbacb9a11d_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:6512915dabeef1d170bd2a61339d6849c175082151bc2f273bef1036738456e0_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:ca93487e2344a02ab4da0eb010608082134c7e136f2b3cfa51a2d04b10313b3c_amd64",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:70c98f7353bd302c55e6fa2f51cb4385309aafeb4a2901c94b44cee2846679fc_amd64",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:97f334a7c2d147e0cfded896355f7406bd2c893783011e345dbcb474850d0047_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:bce44dc4b764b9b3e99d5d2cdc2242667195d6802ee1a5f1f692aa6e633e5660_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:7dca985a1723e1c2169124a70182fd29a633ac7b9e9fa28ae24635e203003bc6_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:e715a9a62462de6c45ca82a3acc5d622d2df12ce965d226eb0a90f1cbfa212c5_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:f6319e4d6e32109deeaebe4d99cc18fd5a272c0655ba73fe2521ca63981efba6_amd64",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:1c57a22591b2277403200cf3e254badcc827416fc01efabfd12c03c265a491b2_s390x",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:de99a6b3cefa44dd22c637cfa2fb54c60d2b0e14970466cea19979e2e59668c7_amd64",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:e25dc5fd74d37ea3b00898557b71cdefc7d508e748bfb230e18db7c2e3d526f4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-y18n: prototype pollution vulnerability"
},
{
"acknowledgments": [
{
"names": [
"the Kubernetes Product Security Committee"
]
},
{
"names": [
"Patrick Rhomberg"
],
"organization": "purelyapplied",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-8565",
"cwe": {
"id": "CWE-117",
"name": "Improper Output Neutralization for Logs"
},
"discovery_date": "2020-10-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:779479e90095b760fdca7da317aaf09f76b453aa262bd3c1ac0f41f7af483a2d_ppc64le",
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:ac0ed0ba8ef78e3b46dcf6936f7d97ac4c0f85ac596f263880b56a12dac36234_amd64",
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:c7b09f1114aa36be379a9f52b3f156499bcd31d7537f1235a364129d1382497c_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:22037eb4c589c5ccf921cd15bb3c82d75fac298d2b53344575c2af7c22d5353c_ppc64le",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:5b1046b56cd5d7cbde64a3cfce800b76b3bd7fb0f535ac2382e97eb8fc93314c_amd64",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:725dd955d4a2a4c27405d7c0d3141384c1e5bb52276056bc7ab8a35d124dcc0e_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:21e57d86bcf007a70bc5e14ff5f0380a1ea26c4d2d2cdf191e9289d04b1f06e7_amd64",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:94dccc304395df6d8b37f8371737646d07cf289f83b30c78c353e9a4dec05b76_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:bae35f5a3ac521dedd50d8852920f99a3f1c94d1a31a51856eefa24e94516142_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:5e4df11fa489a5aa7a03ff3983c9a35143e3a76667ea652c39b499dbacb9a11d_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:6512915dabeef1d170bd2a61339d6849c175082151bc2f273bef1036738456e0_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:ca93487e2344a02ab4da0eb010608082134c7e136f2b3cfa51a2d04b10313b3c_amd64",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:70c98f7353bd302c55e6fa2f51cb4385309aafeb4a2901c94b44cee2846679fc_amd64",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:97f334a7c2d147e0cfded896355f7406bd2c893783011e345dbcb474850d0047_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:bce44dc4b764b9b3e99d5d2cdc2242667195d6802ee1a5f1f692aa6e633e5660_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:7dca985a1723e1c2169124a70182fd29a633ac7b9e9fa28ae24635e203003bc6_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:e715a9a62462de6c45ca82a3acc5d622d2df12ce965d226eb0a90f1cbfa212c5_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:f6319e4d6e32109deeaebe4d99cc18fd5a272c0655ba73fe2521ca63981efba6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1886638"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in kubernetes. In Kubernetes, if the logging level is to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like `kubectl`. Previously, CVE-2019-11250 was assigned for the same issue for logging levels of at least 4.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kubernetes: Incomplete fix for CVE-2019-11250 allows for token leak in logs when logLevel \u003e= 9",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform 4 does not support LogLevels higher than 8 (via \u0027TraceAll\u0027), and is therefore not affected by this vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:1c57a22591b2277403200cf3e254badcc827416fc01efabfd12c03c265a491b2_s390x",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:de99a6b3cefa44dd22c637cfa2fb54c60d2b0e14970466cea19979e2e59668c7_amd64",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:e25dc5fd74d37ea3b00898557b71cdefc7d508e748bfb230e18db7c2e3d526f4_ppc64le"
],
"known_not_affected": [
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:779479e90095b760fdca7da317aaf09f76b453aa262bd3c1ac0f41f7af483a2d_ppc64le",
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:ac0ed0ba8ef78e3b46dcf6936f7d97ac4c0f85ac596f263880b56a12dac36234_amd64",
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:c7b09f1114aa36be379a9f52b3f156499bcd31d7537f1235a364129d1382497c_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:22037eb4c589c5ccf921cd15bb3c82d75fac298d2b53344575c2af7c22d5353c_ppc64le",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:5b1046b56cd5d7cbde64a3cfce800b76b3bd7fb0f535ac2382e97eb8fc93314c_amd64",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:725dd955d4a2a4c27405d7c0d3141384c1e5bb52276056bc7ab8a35d124dcc0e_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:21e57d86bcf007a70bc5e14ff5f0380a1ea26c4d2d2cdf191e9289d04b1f06e7_amd64",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:94dccc304395df6d8b37f8371737646d07cf289f83b30c78c353e9a4dec05b76_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:bae35f5a3ac521dedd50d8852920f99a3f1c94d1a31a51856eefa24e94516142_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:5e4df11fa489a5aa7a03ff3983c9a35143e3a76667ea652c39b499dbacb9a11d_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:6512915dabeef1d170bd2a61339d6849c175082151bc2f273bef1036738456e0_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:ca93487e2344a02ab4da0eb010608082134c7e136f2b3cfa51a2d04b10313b3c_amd64",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:70c98f7353bd302c55e6fa2f51cb4385309aafeb4a2901c94b44cee2846679fc_amd64",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:97f334a7c2d147e0cfded896355f7406bd2c893783011e345dbcb474850d0047_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:bce44dc4b764b9b3e99d5d2cdc2242667195d6802ee1a5f1f692aa6e633e5660_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:7dca985a1723e1c2169124a70182fd29a633ac7b9e9fa28ae24635e203003bc6_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:e715a9a62462de6c45ca82a3acc5d622d2df12ce965d226eb0a90f1cbfa212c5_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:f6319e4d6e32109deeaebe4d99cc18fd5a272c0655ba73fe2521ca63981efba6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-8565"
},
{
"category": "external",
"summary": "RHBZ#1886638",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886638"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8565",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8565"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8565",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8565"
},
{
"category": "external",
"summary": "https://github.com/kubernetes/kubernetes/issues/95623",
"url": "https://github.com/kubernetes/kubernetes/issues/95623"
},
{
"category": "external",
"summary": "https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk",
"url": "https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk"
}
],
"release_date": "2020-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-19T09:14:24+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:1c57a22591b2277403200cf3e254badcc827416fc01efabfd12c03c265a491b2_s390x",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:de99a6b3cefa44dd22c637cfa2fb54c60d2b0e14970466cea19979e2e59668c7_amd64",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:e25dc5fd74d37ea3b00898557b71cdefc7d508e748bfb230e18db7c2e3d526f4_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2041"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:779479e90095b760fdca7da317aaf09f76b453aa262bd3c1ac0f41f7af483a2d_ppc64le",
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:ac0ed0ba8ef78e3b46dcf6936f7d97ac4c0f85ac596f263880b56a12dac36234_amd64",
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:c7b09f1114aa36be379a9f52b3f156499bcd31d7537f1235a364129d1382497c_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:22037eb4c589c5ccf921cd15bb3c82d75fac298d2b53344575c2af7c22d5353c_ppc64le",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:5b1046b56cd5d7cbde64a3cfce800b76b3bd7fb0f535ac2382e97eb8fc93314c_amd64",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:725dd955d4a2a4c27405d7c0d3141384c1e5bb52276056bc7ab8a35d124dcc0e_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:21e57d86bcf007a70bc5e14ff5f0380a1ea26c4d2d2cdf191e9289d04b1f06e7_amd64",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:94dccc304395df6d8b37f8371737646d07cf289f83b30c78c353e9a4dec05b76_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:bae35f5a3ac521dedd50d8852920f99a3f1c94d1a31a51856eefa24e94516142_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:5e4df11fa489a5aa7a03ff3983c9a35143e3a76667ea652c39b499dbacb9a11d_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:6512915dabeef1d170bd2a61339d6849c175082151bc2f273bef1036738456e0_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:ca93487e2344a02ab4da0eb010608082134c7e136f2b3cfa51a2d04b10313b3c_amd64",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:70c98f7353bd302c55e6fa2f51cb4385309aafeb4a2901c94b44cee2846679fc_amd64",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:97f334a7c2d147e0cfded896355f7406bd2c893783011e345dbcb474850d0047_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:bce44dc4b764b9b3e99d5d2cdc2242667195d6802ee1a5f1f692aa6e633e5660_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:7dca985a1723e1c2169124a70182fd29a633ac7b9e9fa28ae24635e203003bc6_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:e715a9a62462de6c45ca82a3acc5d622d2df12ce965d226eb0a90f1cbfa212c5_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:f6319e4d6e32109deeaebe4d99cc18fd5a272c0655ba73fe2521ca63981efba6_amd64",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:1c57a22591b2277403200cf3e254badcc827416fc01efabfd12c03c265a491b2_s390x",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:de99a6b3cefa44dd22c637cfa2fb54c60d2b0e14970466cea19979e2e59668c7_amd64",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:e25dc5fd74d37ea3b00898557b71cdefc7d508e748bfb230e18db7c2e3d526f4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kubernetes: Incomplete fix for CVE-2019-11250 allows for token leak in logs when logLevel \u003e= 9"
},
{
"cve": "CVE-2020-26160",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2020-09-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:779479e90095b760fdca7da317aaf09f76b453aa262bd3c1ac0f41f7af483a2d_ppc64le",
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:ac0ed0ba8ef78e3b46dcf6936f7d97ac4c0f85ac596f263880b56a12dac36234_amd64",
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:c7b09f1114aa36be379a9f52b3f156499bcd31d7537f1235a364129d1382497c_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:22037eb4c589c5ccf921cd15bb3c82d75fac298d2b53344575c2af7c22d5353c_ppc64le",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:5b1046b56cd5d7cbde64a3cfce800b76b3bd7fb0f535ac2382e97eb8fc93314c_amd64",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:725dd955d4a2a4c27405d7c0d3141384c1e5bb52276056bc7ab8a35d124dcc0e_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:5e4df11fa489a5aa7a03ff3983c9a35143e3a76667ea652c39b499dbacb9a11d_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:6512915dabeef1d170bd2a61339d6849c175082151bc2f273bef1036738456e0_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:ca93487e2344a02ab4da0eb010608082134c7e136f2b3cfa51a2d04b10313b3c_amd64",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:70c98f7353bd302c55e6fa2f51cb4385309aafeb4a2901c94b44cee2846679fc_amd64",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:97f334a7c2d147e0cfded896355f7406bd2c893783011e345dbcb474850d0047_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:bce44dc4b764b9b3e99d5d2cdc2242667195d6802ee1a5f1f692aa6e633e5660_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:7dca985a1723e1c2169124a70182fd29a633ac7b9e9fa28ae24635e203003bc6_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:e715a9a62462de6c45ca82a3acc5d622d2df12ce965d226eb0a90f1cbfa212c5_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:f6319e4d6e32109deeaebe4d99cc18fd5a272c0655ba73fe2521ca63981efba6_amd64",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:1c57a22591b2277403200cf3e254badcc827416fc01efabfd12c03c265a491b2_s390x",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:de99a6b3cefa44dd22c637cfa2fb54c60d2b0e14970466cea19979e2e59668c7_amd64",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:e25dc5fd74d37ea3b00898557b71cdefc7d508e748bfb230e18db7c2e3d526f4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1883371"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in jwt-go where it is vulnerable to Access Restriction Bypass if m[\"aud\"] happens to be []string{}, as allowed by the spec, the type assertion fails and the value of aud is \"\". This can cause audience verification to succeed even if the audiences being passed are incorrect if required is set to false.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jwt-go: access restriction bypass vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The github.com/dgrijalva/jwt-go module is an indirect dependency of the k8s.io/client-go module pulled into Quay Bridge, and Setup operators via the Operator\u0027s SDK generated code. The k8s.io/client-go module does not use jwt-go in an unsafe way [1]. Red Hat Quay components have been marked as wontfix. This may be fixed in the future.\n\nSimilar to Quay, multiple OpenShift Container Platform (OCP) containers include jwt-go as a transient dependency due to go-autorest [1]. As such, those containers do not use jwt-go in an unsafe way. They have been marked wontfix at this time and may be fixed in a future update.\n\nSame as Quay and OpenShift Container Platform, components shipped with Red Hat OpenShift Container Storage 4 do not use jwt-go in an unsafe way and hence this issue has been rated as having a security impact of Low. A future update may address this issue.\n\nRed Hat Gluster Storage 3 shipped multi-cloud-object-gateway-cli as a technical preview and is not currently planned to be addressed in future updates, hence the multi-cloud-object-gateway-cli package will not be fixed.\n\n[1] https://github.com/Azure/go-autorest/issues/568#issuecomment-703804062",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:21e57d86bcf007a70bc5e14ff5f0380a1ea26c4d2d2cdf191e9289d04b1f06e7_amd64",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:94dccc304395df6d8b37f8371737646d07cf289f83b30c78c353e9a4dec05b76_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:bae35f5a3ac521dedd50d8852920f99a3f1c94d1a31a51856eefa24e94516142_ppc64le"
],
"known_not_affected": [
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:779479e90095b760fdca7da317aaf09f76b453aa262bd3c1ac0f41f7af483a2d_ppc64le",
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:ac0ed0ba8ef78e3b46dcf6936f7d97ac4c0f85ac596f263880b56a12dac36234_amd64",
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:c7b09f1114aa36be379a9f52b3f156499bcd31d7537f1235a364129d1382497c_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:22037eb4c589c5ccf921cd15bb3c82d75fac298d2b53344575c2af7c22d5353c_ppc64le",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:5b1046b56cd5d7cbde64a3cfce800b76b3bd7fb0f535ac2382e97eb8fc93314c_amd64",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:725dd955d4a2a4c27405d7c0d3141384c1e5bb52276056bc7ab8a35d124dcc0e_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:5e4df11fa489a5aa7a03ff3983c9a35143e3a76667ea652c39b499dbacb9a11d_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:6512915dabeef1d170bd2a61339d6849c175082151bc2f273bef1036738456e0_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:ca93487e2344a02ab4da0eb010608082134c7e136f2b3cfa51a2d04b10313b3c_amd64",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:70c98f7353bd302c55e6fa2f51cb4385309aafeb4a2901c94b44cee2846679fc_amd64",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:97f334a7c2d147e0cfded896355f7406bd2c893783011e345dbcb474850d0047_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:bce44dc4b764b9b3e99d5d2cdc2242667195d6802ee1a5f1f692aa6e633e5660_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:7dca985a1723e1c2169124a70182fd29a633ac7b9e9fa28ae24635e203003bc6_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:e715a9a62462de6c45ca82a3acc5d622d2df12ce965d226eb0a90f1cbfa212c5_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:f6319e4d6e32109deeaebe4d99cc18fd5a272c0655ba73fe2521ca63981efba6_amd64",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:1c57a22591b2277403200cf3e254badcc827416fc01efabfd12c03c265a491b2_s390x",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:de99a6b3cefa44dd22c637cfa2fb54c60d2b0e14970466cea19979e2e59668c7_amd64",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:e25dc5fd74d37ea3b00898557b71cdefc7d508e748bfb230e18db7c2e3d526f4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26160"
},
{
"category": "external",
"summary": "RHBZ#1883371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1883371"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26160",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26160"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26160",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26160"
},
{
"category": "external",
"summary": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDGRIJALVAJWTGO-596515",
"url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDGRIJALVAJWTGO-596515"
}
],
"release_date": "2020-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-19T09:14:24+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:21e57d86bcf007a70bc5e14ff5f0380a1ea26c4d2d2cdf191e9289d04b1f06e7_amd64",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:94dccc304395df6d8b37f8371737646d07cf289f83b30c78c353e9a4dec05b76_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:bae35f5a3ac521dedd50d8852920f99a3f1c94d1a31a51856eefa24e94516142_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2041"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:779479e90095b760fdca7da317aaf09f76b453aa262bd3c1ac0f41f7af483a2d_ppc64le",
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:ac0ed0ba8ef78e3b46dcf6936f7d97ac4c0f85ac596f263880b56a12dac36234_amd64",
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:c7b09f1114aa36be379a9f52b3f156499bcd31d7537f1235a364129d1382497c_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:22037eb4c589c5ccf921cd15bb3c82d75fac298d2b53344575c2af7c22d5353c_ppc64le",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:5b1046b56cd5d7cbde64a3cfce800b76b3bd7fb0f535ac2382e97eb8fc93314c_amd64",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:725dd955d4a2a4c27405d7c0d3141384c1e5bb52276056bc7ab8a35d124dcc0e_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:21e57d86bcf007a70bc5e14ff5f0380a1ea26c4d2d2cdf191e9289d04b1f06e7_amd64",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:94dccc304395df6d8b37f8371737646d07cf289f83b30c78c353e9a4dec05b76_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:bae35f5a3ac521dedd50d8852920f99a3f1c94d1a31a51856eefa24e94516142_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:5e4df11fa489a5aa7a03ff3983c9a35143e3a76667ea652c39b499dbacb9a11d_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:6512915dabeef1d170bd2a61339d6849c175082151bc2f273bef1036738456e0_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:ca93487e2344a02ab4da0eb010608082134c7e136f2b3cfa51a2d04b10313b3c_amd64",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:70c98f7353bd302c55e6fa2f51cb4385309aafeb4a2901c94b44cee2846679fc_amd64",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:97f334a7c2d147e0cfded896355f7406bd2c893783011e345dbcb474850d0047_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:bce44dc4b764b9b3e99d5d2cdc2242667195d6802ee1a5f1f692aa6e633e5660_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:7dca985a1723e1c2169124a70182fd29a633ac7b9e9fa28ae24635e203003bc6_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:e715a9a62462de6c45ca82a3acc5d622d2df12ce965d226eb0a90f1cbfa212c5_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:f6319e4d6e32109deeaebe4d99cc18fd5a272c0655ba73fe2521ca63981efba6_amd64",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:1c57a22591b2277403200cf3e254badcc827416fc01efabfd12c03c265a491b2_s390x",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:de99a6b3cefa44dd22c637cfa2fb54c60d2b0e14970466cea19979e2e59668c7_amd64",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:e25dc5fd74d37ea3b00898557b71cdefc7d508e748bfb230e18db7c2e3d526f4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jwt-go: access restriction bypass vulnerability"
},
{
"cve": "CVE-2020-26289",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-12-28T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:779479e90095b760fdca7da317aaf09f76b453aa262bd3c1ac0f41f7af483a2d_ppc64le",
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:ac0ed0ba8ef78e3b46dcf6936f7d97ac4c0f85ac596f263880b56a12dac36234_amd64",
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:c7b09f1114aa36be379a9f52b3f156499bcd31d7537f1235a364129d1382497c_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:21e57d86bcf007a70bc5e14ff5f0380a1ea26c4d2d2cdf191e9289d04b1f06e7_amd64",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:94dccc304395df6d8b37f8371737646d07cf289f83b30c78c353e9a4dec05b76_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:bae35f5a3ac521dedd50d8852920f99a3f1c94d1a31a51856eefa24e94516142_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:5e4df11fa489a5aa7a03ff3983c9a35143e3a76667ea652c39b499dbacb9a11d_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:6512915dabeef1d170bd2a61339d6849c175082151bc2f273bef1036738456e0_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:ca93487e2344a02ab4da0eb010608082134c7e136f2b3cfa51a2d04b10313b3c_amd64",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:70c98f7353bd302c55e6fa2f51cb4385309aafeb4a2901c94b44cee2846679fc_amd64",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:97f334a7c2d147e0cfded896355f7406bd2c893783011e345dbcb474850d0047_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:bce44dc4b764b9b3e99d5d2cdc2242667195d6802ee1a5f1f692aa6e633e5660_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:7dca985a1723e1c2169124a70182fd29a633ac7b9e9fa28ae24635e203003bc6_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:e715a9a62462de6c45ca82a3acc5d622d2df12ce965d226eb0a90f1cbfa212c5_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:f6319e4d6e32109deeaebe4d99cc18fd5a272c0655ba73fe2521ca63981efba6_amd64",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:1c57a22591b2277403200cf3e254badcc827416fc01efabfd12c03c265a491b2_s390x",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:de99a6b3cefa44dd22c637cfa2fb54c60d2b0e14970466cea19979e2e59668c7_amd64",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:e25dc5fd74d37ea3b00898557b71cdefc7d508e748bfb230e18db7c2e3d526f4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1911627"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-date-and-time. In date-and-time there a regular expression involved in parsing which can be exploited to cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-date-and-time: ReDoS in parsing via date.compile",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:22037eb4c589c5ccf921cd15bb3c82d75fac298d2b53344575c2af7c22d5353c_ppc64le",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:5b1046b56cd5d7cbde64a3cfce800b76b3bd7fb0f535ac2382e97eb8fc93314c_amd64",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:725dd955d4a2a4c27405d7c0d3141384c1e5bb52276056bc7ab8a35d124dcc0e_s390x"
],
"known_not_affected": [
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:779479e90095b760fdca7da317aaf09f76b453aa262bd3c1ac0f41f7af483a2d_ppc64le",
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:ac0ed0ba8ef78e3b46dcf6936f7d97ac4c0f85ac596f263880b56a12dac36234_amd64",
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:c7b09f1114aa36be379a9f52b3f156499bcd31d7537f1235a364129d1382497c_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:21e57d86bcf007a70bc5e14ff5f0380a1ea26c4d2d2cdf191e9289d04b1f06e7_amd64",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:94dccc304395df6d8b37f8371737646d07cf289f83b30c78c353e9a4dec05b76_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:bae35f5a3ac521dedd50d8852920f99a3f1c94d1a31a51856eefa24e94516142_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:5e4df11fa489a5aa7a03ff3983c9a35143e3a76667ea652c39b499dbacb9a11d_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:6512915dabeef1d170bd2a61339d6849c175082151bc2f273bef1036738456e0_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:ca93487e2344a02ab4da0eb010608082134c7e136f2b3cfa51a2d04b10313b3c_amd64",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:70c98f7353bd302c55e6fa2f51cb4385309aafeb4a2901c94b44cee2846679fc_amd64",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:97f334a7c2d147e0cfded896355f7406bd2c893783011e345dbcb474850d0047_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:bce44dc4b764b9b3e99d5d2cdc2242667195d6802ee1a5f1f692aa6e633e5660_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:7dca985a1723e1c2169124a70182fd29a633ac7b9e9fa28ae24635e203003bc6_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:e715a9a62462de6c45ca82a3acc5d622d2df12ce965d226eb0a90f1cbfa212c5_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:f6319e4d6e32109deeaebe4d99cc18fd5a272c0655ba73fe2521ca63981efba6_amd64",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:1c57a22591b2277403200cf3e254badcc827416fc01efabfd12c03c265a491b2_s390x",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:de99a6b3cefa44dd22c637cfa2fb54c60d2b0e14970466cea19979e2e59668c7_amd64",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:e25dc5fd74d37ea3b00898557b71cdefc7d508e748bfb230e18db7c2e3d526f4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26289"
},
{
"category": "external",
"summary": "RHBZ#1911627",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911627"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26289",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26289"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26289",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26289"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-r92x-f52r-x54g",
"url": "https://github.com/advisories/GHSA-r92x-f52r-x54g"
},
{
"category": "external",
"summary": "https://www.npmjs.com/advisories/1592",
"url": "https://www.npmjs.com/advisories/1592"
}
],
"release_date": "2020-12-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-19T09:14:24+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:22037eb4c589c5ccf921cd15bb3c82d75fac298d2b53344575c2af7c22d5353c_ppc64le",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:5b1046b56cd5d7cbde64a3cfce800b76b3bd7fb0f535ac2382e97eb8fc93314c_amd64",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:725dd955d4a2a4c27405d7c0d3141384c1e5bb52276056bc7ab8a35d124dcc0e_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2041"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:779479e90095b760fdca7da317aaf09f76b453aa262bd3c1ac0f41f7af483a2d_ppc64le",
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:ac0ed0ba8ef78e3b46dcf6936f7d97ac4c0f85ac596f263880b56a12dac36234_amd64",
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:c7b09f1114aa36be379a9f52b3f156499bcd31d7537f1235a364129d1382497c_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:22037eb4c589c5ccf921cd15bb3c82d75fac298d2b53344575c2af7c22d5353c_ppc64le",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:5b1046b56cd5d7cbde64a3cfce800b76b3bd7fb0f535ac2382e97eb8fc93314c_amd64",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:725dd955d4a2a4c27405d7c0d3141384c1e5bb52276056bc7ab8a35d124dcc0e_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:21e57d86bcf007a70bc5e14ff5f0380a1ea26c4d2d2cdf191e9289d04b1f06e7_amd64",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:94dccc304395df6d8b37f8371737646d07cf289f83b30c78c353e9a4dec05b76_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:bae35f5a3ac521dedd50d8852920f99a3f1c94d1a31a51856eefa24e94516142_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:5e4df11fa489a5aa7a03ff3983c9a35143e3a76667ea652c39b499dbacb9a11d_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:6512915dabeef1d170bd2a61339d6849c175082151bc2f273bef1036738456e0_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:ca93487e2344a02ab4da0eb010608082134c7e136f2b3cfa51a2d04b10313b3c_amd64",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:70c98f7353bd302c55e6fa2f51cb4385309aafeb4a2901c94b44cee2846679fc_amd64",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:97f334a7c2d147e0cfded896355f7406bd2c893783011e345dbcb474850d0047_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:bce44dc4b764b9b3e99d5d2cdc2242667195d6802ee1a5f1f692aa6e633e5660_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:7dca985a1723e1c2169124a70182fd29a633ac7b9e9fa28ae24635e203003bc6_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:e715a9a62462de6c45ca82a3acc5d622d2df12ce965d226eb0a90f1cbfa212c5_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:f6319e4d6e32109deeaebe4d99cc18fd5a272c0655ba73fe2521ca63981efba6_amd64",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:1c57a22591b2277403200cf3e254badcc827416fc01efabfd12c03c265a491b2_s390x",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:de99a6b3cefa44dd22c637cfa2fb54c60d2b0e14970466cea19979e2e59668c7_amd64",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:e25dc5fd74d37ea3b00898557b71cdefc7d508e748bfb230e18db7c2e3d526f4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-date-and-time: ReDoS in parsing via date.compile"
},
{
"cve": "CVE-2020-28362",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2020-11-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:779479e90095b760fdca7da317aaf09f76b453aa262bd3c1ac0f41f7af483a2d_ppc64le",
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:ac0ed0ba8ef78e3b46dcf6936f7d97ac4c0f85ac596f263880b56a12dac36234_amd64",
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:c7b09f1114aa36be379a9f52b3f156499bcd31d7537f1235a364129d1382497c_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:22037eb4c589c5ccf921cd15bb3c82d75fac298d2b53344575c2af7c22d5353c_ppc64le",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:5b1046b56cd5d7cbde64a3cfce800b76b3bd7fb0f535ac2382e97eb8fc93314c_amd64",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:725dd955d4a2a4c27405d7c0d3141384c1e5bb52276056bc7ab8a35d124dcc0e_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:5e4df11fa489a5aa7a03ff3983c9a35143e3a76667ea652c39b499dbacb9a11d_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:6512915dabeef1d170bd2a61339d6849c175082151bc2f273bef1036738456e0_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:ca93487e2344a02ab4da0eb010608082134c7e136f2b3cfa51a2d04b10313b3c_amd64",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:70c98f7353bd302c55e6fa2f51cb4385309aafeb4a2901c94b44cee2846679fc_amd64",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:97f334a7c2d147e0cfded896355f7406bd2c893783011e345dbcb474850d0047_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:bce44dc4b764b9b3e99d5d2cdc2242667195d6802ee1a5f1f692aa6e633e5660_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:7dca985a1723e1c2169124a70182fd29a633ac7b9e9fa28ae24635e203003bc6_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:e715a9a62462de6c45ca82a3acc5d622d2df12ce965d226eb0a90f1cbfa212c5_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:f6319e4d6e32109deeaebe4d99cc18fd5a272c0655ba73fe2521ca63981efba6_amd64",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:1c57a22591b2277403200cf3e254badcc827416fc01efabfd12c03c265a491b2_s390x",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:de99a6b3cefa44dd22c637cfa2fb54c60d2b0e14970466cea19979e2e59668c7_amd64",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:e25dc5fd74d37ea3b00898557b71cdefc7d508e748bfb230e18db7c2e3d526f4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1897635"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the math/big package of Go\u0027s standard library that causes a denial of service. Applications written in Go that use math/big via cryptographic packages, including crypto/rsa and crypto/x509, are vulnerable and can potentially cause panic via a crafted certificate chain. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: math/big: panic during recursive division of very large numbers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift ServiceMesh (OSSM) 1.1 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities because it is now in the Maintenance Phase of the support.\nOpenshift Virtualization 1 (formerly Container Native Virtualization) is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities.\n\nRed Hat Gluster Storage 3 shipped multi-cloud-object-gateway-cli and noobaa-operator container as a technical preview and is not currently planned to be addressed in future updates.\n\nOpenShift Container Platform (OCP) 4.5 and earlier are built with Go versions earlier than 1.14, which are not affected by this vulnerability. OCP 4.6 is built with Go 1.15 and is affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:21e57d86bcf007a70bc5e14ff5f0380a1ea26c4d2d2cdf191e9289d04b1f06e7_amd64",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:94dccc304395df6d8b37f8371737646d07cf289f83b30c78c353e9a4dec05b76_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:bae35f5a3ac521dedd50d8852920f99a3f1c94d1a31a51856eefa24e94516142_ppc64le"
],
"known_not_affected": [
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:779479e90095b760fdca7da317aaf09f76b453aa262bd3c1ac0f41f7af483a2d_ppc64le",
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:ac0ed0ba8ef78e3b46dcf6936f7d97ac4c0f85ac596f263880b56a12dac36234_amd64",
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:c7b09f1114aa36be379a9f52b3f156499bcd31d7537f1235a364129d1382497c_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:22037eb4c589c5ccf921cd15bb3c82d75fac298d2b53344575c2af7c22d5353c_ppc64le",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:5b1046b56cd5d7cbde64a3cfce800b76b3bd7fb0f535ac2382e97eb8fc93314c_amd64",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:725dd955d4a2a4c27405d7c0d3141384c1e5bb52276056bc7ab8a35d124dcc0e_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:5e4df11fa489a5aa7a03ff3983c9a35143e3a76667ea652c39b499dbacb9a11d_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:6512915dabeef1d170bd2a61339d6849c175082151bc2f273bef1036738456e0_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:ca93487e2344a02ab4da0eb010608082134c7e136f2b3cfa51a2d04b10313b3c_amd64",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:70c98f7353bd302c55e6fa2f51cb4385309aafeb4a2901c94b44cee2846679fc_amd64",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:97f334a7c2d147e0cfded896355f7406bd2c893783011e345dbcb474850d0047_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:bce44dc4b764b9b3e99d5d2cdc2242667195d6802ee1a5f1f692aa6e633e5660_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:7dca985a1723e1c2169124a70182fd29a633ac7b9e9fa28ae24635e203003bc6_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:e715a9a62462de6c45ca82a3acc5d622d2df12ce965d226eb0a90f1cbfa212c5_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:f6319e4d6e32109deeaebe4d99cc18fd5a272c0655ba73fe2521ca63981efba6_amd64",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:1c57a22591b2277403200cf3e254badcc827416fc01efabfd12c03c265a491b2_s390x",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:de99a6b3cefa44dd22c637cfa2fb54c60d2b0e14970466cea19979e2e59668c7_amd64",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:e25dc5fd74d37ea3b00898557b71cdefc7d508e748bfb230e18db7c2e3d526f4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-28362"
},
{
"category": "external",
"summary": "RHBZ#1897635",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1897635"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-28362",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28362"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28362",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28362"
}
],
"release_date": "2020-11-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-19T09:14:24+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:21e57d86bcf007a70bc5e14ff5f0380a1ea26c4d2d2cdf191e9289d04b1f06e7_amd64",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:94dccc304395df6d8b37f8371737646d07cf289f83b30c78c353e9a4dec05b76_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:bae35f5a3ac521dedd50d8852920f99a3f1c94d1a31a51856eefa24e94516142_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2041"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:779479e90095b760fdca7da317aaf09f76b453aa262bd3c1ac0f41f7af483a2d_ppc64le",
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:ac0ed0ba8ef78e3b46dcf6936f7d97ac4c0f85ac596f263880b56a12dac36234_amd64",
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:c7b09f1114aa36be379a9f52b3f156499bcd31d7537f1235a364129d1382497c_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:22037eb4c589c5ccf921cd15bb3c82d75fac298d2b53344575c2af7c22d5353c_ppc64le",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:5b1046b56cd5d7cbde64a3cfce800b76b3bd7fb0f535ac2382e97eb8fc93314c_amd64",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:725dd955d4a2a4c27405d7c0d3141384c1e5bb52276056bc7ab8a35d124dcc0e_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:21e57d86bcf007a70bc5e14ff5f0380a1ea26c4d2d2cdf191e9289d04b1f06e7_amd64",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:94dccc304395df6d8b37f8371737646d07cf289f83b30c78c353e9a4dec05b76_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:bae35f5a3ac521dedd50d8852920f99a3f1c94d1a31a51856eefa24e94516142_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:5e4df11fa489a5aa7a03ff3983c9a35143e3a76667ea652c39b499dbacb9a11d_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:6512915dabeef1d170bd2a61339d6849c175082151bc2f273bef1036738456e0_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:ca93487e2344a02ab4da0eb010608082134c7e136f2b3cfa51a2d04b10313b3c_amd64",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:70c98f7353bd302c55e6fa2f51cb4385309aafeb4a2901c94b44cee2846679fc_amd64",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:97f334a7c2d147e0cfded896355f7406bd2c893783011e345dbcb474850d0047_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:bce44dc4b764b9b3e99d5d2cdc2242667195d6802ee1a5f1f692aa6e633e5660_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:7dca985a1723e1c2169124a70182fd29a633ac7b9e9fa28ae24635e203003bc6_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:e715a9a62462de6c45ca82a3acc5d622d2df12ce965d226eb0a90f1cbfa212c5_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:f6319e4d6e32109deeaebe4d99cc18fd5a272c0655ba73fe2521ca63981efba6_amd64",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:1c57a22591b2277403200cf3e254badcc827416fc01efabfd12c03c265a491b2_s390x",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:de99a6b3cefa44dd22c637cfa2fb54c60d2b0e14970466cea19979e2e59668c7_amd64",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:e25dc5fd74d37ea3b00898557b71cdefc7d508e748bfb230e18db7c2e3d526f4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: math/big: panic during recursive division of very large numbers"
},
{
"cve": "CVE-2021-3114",
"cwe": {
"id": "CWE-682",
"name": "Incorrect Calculation"
},
"discovery_date": "2021-01-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:779479e90095b760fdca7da317aaf09f76b453aa262bd3c1ac0f41f7af483a2d_ppc64le",
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:ac0ed0ba8ef78e3b46dcf6936f7d97ac4c0f85ac596f263880b56a12dac36234_amd64",
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:c7b09f1114aa36be379a9f52b3f156499bcd31d7537f1235a364129d1382497c_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:22037eb4c589c5ccf921cd15bb3c82d75fac298d2b53344575c2af7c22d5353c_ppc64le",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:5b1046b56cd5d7cbde64a3cfce800b76b3bd7fb0f535ac2382e97eb8fc93314c_amd64",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:725dd955d4a2a4c27405d7c0d3141384c1e5bb52276056bc7ab8a35d124dcc0e_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:5e4df11fa489a5aa7a03ff3983c9a35143e3a76667ea652c39b499dbacb9a11d_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:6512915dabeef1d170bd2a61339d6849c175082151bc2f273bef1036738456e0_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:ca93487e2344a02ab4da0eb010608082134c7e136f2b3cfa51a2d04b10313b3c_amd64",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:70c98f7353bd302c55e6fa2f51cb4385309aafeb4a2901c94b44cee2846679fc_amd64",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:97f334a7c2d147e0cfded896355f7406bd2c893783011e345dbcb474850d0047_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:bce44dc4b764b9b3e99d5d2cdc2242667195d6802ee1a5f1f692aa6e633e5660_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:7dca985a1723e1c2169124a70182fd29a633ac7b9e9fa28ae24635e203003bc6_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:e715a9a62462de6c45ca82a3acc5d622d2df12ce965d226eb0a90f1cbfa212c5_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:f6319e4d6e32109deeaebe4d99cc18fd5a272c0655ba73fe2521ca63981efba6_amd64",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:1c57a22591b2277403200cf3e254badcc827416fc01efabfd12c03c265a491b2_s390x",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:de99a6b3cefa44dd22c637cfa2fb54c60d2b0e14970466cea19979e2e59668c7_amd64",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:e25dc5fd74d37ea3b00898557b71cdefc7d508e748bfb230e18db7c2e3d526f4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1918750"
}
],
"notes": [
{
"category": "description",
"text": "A flaw detected in golang: crypto/elliptic, in which P-224 keys as generated can return incorrect inputs, reducing the strength of the cryptography. The highest threat from this vulnerability is confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/elliptic: incorrect operations on the P-224 curve",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift ServiceMesh (OSSM) 1.1 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities because it is now in the Maintenance Phase of the support.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:21e57d86bcf007a70bc5e14ff5f0380a1ea26c4d2d2cdf191e9289d04b1f06e7_amd64",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:94dccc304395df6d8b37f8371737646d07cf289f83b30c78c353e9a4dec05b76_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:bae35f5a3ac521dedd50d8852920f99a3f1c94d1a31a51856eefa24e94516142_ppc64le"
],
"known_not_affected": [
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:779479e90095b760fdca7da317aaf09f76b453aa262bd3c1ac0f41f7af483a2d_ppc64le",
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:ac0ed0ba8ef78e3b46dcf6936f7d97ac4c0f85ac596f263880b56a12dac36234_amd64",
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:c7b09f1114aa36be379a9f52b3f156499bcd31d7537f1235a364129d1382497c_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:22037eb4c589c5ccf921cd15bb3c82d75fac298d2b53344575c2af7c22d5353c_ppc64le",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:5b1046b56cd5d7cbde64a3cfce800b76b3bd7fb0f535ac2382e97eb8fc93314c_amd64",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:725dd955d4a2a4c27405d7c0d3141384c1e5bb52276056bc7ab8a35d124dcc0e_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:5e4df11fa489a5aa7a03ff3983c9a35143e3a76667ea652c39b499dbacb9a11d_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:6512915dabeef1d170bd2a61339d6849c175082151bc2f273bef1036738456e0_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:ca93487e2344a02ab4da0eb010608082134c7e136f2b3cfa51a2d04b10313b3c_amd64",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:70c98f7353bd302c55e6fa2f51cb4385309aafeb4a2901c94b44cee2846679fc_amd64",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:97f334a7c2d147e0cfded896355f7406bd2c893783011e345dbcb474850d0047_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:bce44dc4b764b9b3e99d5d2cdc2242667195d6802ee1a5f1f692aa6e633e5660_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:7dca985a1723e1c2169124a70182fd29a633ac7b9e9fa28ae24635e203003bc6_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:e715a9a62462de6c45ca82a3acc5d622d2df12ce965d226eb0a90f1cbfa212c5_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:f6319e4d6e32109deeaebe4d99cc18fd5a272c0655ba73fe2521ca63981efba6_amd64",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:1c57a22591b2277403200cf3e254badcc827416fc01efabfd12c03c265a491b2_s390x",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:de99a6b3cefa44dd22c637cfa2fb54c60d2b0e14970466cea19979e2e59668c7_amd64",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:e25dc5fd74d37ea3b00898557b71cdefc7d508e748bfb230e18db7c2e3d526f4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3114"
},
{
"category": "external",
"summary": "RHBZ#1918750",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1918750"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3114",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3114"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3114",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3114"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/mperVMGa98w",
"url": "https://groups.google.com/g/golang-announce/c/mperVMGa98w"
}
],
"release_date": "2021-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-19T09:14:24+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:21e57d86bcf007a70bc5e14ff5f0380a1ea26c4d2d2cdf191e9289d04b1f06e7_amd64",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:94dccc304395df6d8b37f8371737646d07cf289f83b30c78c353e9a4dec05b76_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:bae35f5a3ac521dedd50d8852920f99a3f1c94d1a31a51856eefa24e94516142_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2041"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:779479e90095b760fdca7da317aaf09f76b453aa262bd3c1ac0f41f7af483a2d_ppc64le",
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:ac0ed0ba8ef78e3b46dcf6936f7d97ac4c0f85ac596f263880b56a12dac36234_amd64",
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:c7b09f1114aa36be379a9f52b3f156499bcd31d7537f1235a364129d1382497c_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:22037eb4c589c5ccf921cd15bb3c82d75fac298d2b53344575c2af7c22d5353c_ppc64le",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:5b1046b56cd5d7cbde64a3cfce800b76b3bd7fb0f535ac2382e97eb8fc93314c_amd64",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:725dd955d4a2a4c27405d7c0d3141384c1e5bb52276056bc7ab8a35d124dcc0e_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:21e57d86bcf007a70bc5e14ff5f0380a1ea26c4d2d2cdf191e9289d04b1f06e7_amd64",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:94dccc304395df6d8b37f8371737646d07cf289f83b30c78c353e9a4dec05b76_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:bae35f5a3ac521dedd50d8852920f99a3f1c94d1a31a51856eefa24e94516142_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:5e4df11fa489a5aa7a03ff3983c9a35143e3a76667ea652c39b499dbacb9a11d_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:6512915dabeef1d170bd2a61339d6849c175082151bc2f273bef1036738456e0_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:ca93487e2344a02ab4da0eb010608082134c7e136f2b3cfa51a2d04b10313b3c_amd64",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:70c98f7353bd302c55e6fa2f51cb4385309aafeb4a2901c94b44cee2846679fc_amd64",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:97f334a7c2d147e0cfded896355f7406bd2c893783011e345dbcb474850d0047_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:bce44dc4b764b9b3e99d5d2cdc2242667195d6802ee1a5f1f692aa6e633e5660_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:7dca985a1723e1c2169124a70182fd29a633ac7b9e9fa28ae24635e203003bc6_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:e715a9a62462de6c45ca82a3acc5d622d2df12ce965d226eb0a90f1cbfa212c5_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:f6319e4d6e32109deeaebe4d99cc18fd5a272c0655ba73fe2521ca63981efba6_amd64",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:1c57a22591b2277403200cf3e254badcc827416fc01efabfd12c03c265a491b2_s390x",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:de99a6b3cefa44dd22c637cfa2fb54c60d2b0e14970466cea19979e2e59668c7_amd64",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:e25dc5fd74d37ea3b00898557b71cdefc7d508e748bfb230e18db7c2e3d526f4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/elliptic: incorrect operations on the P-224 curve"
},
{
"acknowledgments": [
{
"names": [
"Martin Bukatovic"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2021-3528",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"discovery_date": "2021-03-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:779479e90095b760fdca7da317aaf09f76b453aa262bd3c1ac0f41f7af483a2d_ppc64le",
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:ac0ed0ba8ef78e3b46dcf6936f7d97ac4c0f85ac596f263880b56a12dac36234_amd64",
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:c7b09f1114aa36be379a9f52b3f156499bcd31d7537f1235a364129d1382497c_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:22037eb4c589c5ccf921cd15bb3c82d75fac298d2b53344575c2af7c22d5353c_ppc64le",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:5b1046b56cd5d7cbde64a3cfce800b76b3bd7fb0f535ac2382e97eb8fc93314c_amd64",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:725dd955d4a2a4c27405d7c0d3141384c1e5bb52276056bc7ab8a35d124dcc0e_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:5e4df11fa489a5aa7a03ff3983c9a35143e3a76667ea652c39b499dbacb9a11d_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:6512915dabeef1d170bd2a61339d6849c175082151bc2f273bef1036738456e0_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:ca93487e2344a02ab4da0eb010608082134c7e136f2b3cfa51a2d04b10313b3c_amd64",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:70c98f7353bd302c55e6fa2f51cb4385309aafeb4a2901c94b44cee2846679fc_amd64",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:97f334a7c2d147e0cfded896355f7406bd2c893783011e345dbcb474850d0047_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:bce44dc4b764b9b3e99d5d2cdc2242667195d6802ee1a5f1f692aa6e633e5660_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:7dca985a1723e1c2169124a70182fd29a633ac7b9e9fa28ae24635e203003bc6_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:e715a9a62462de6c45ca82a3acc5d622d2df12ce965d226eb0a90f1cbfa212c5_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:f6319e4d6e32109deeaebe4d99cc18fd5a272c0655ba73fe2521ca63981efba6_amd64",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:1c57a22591b2277403200cf3e254badcc827416fc01efabfd12c03c265a491b2_s390x",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:de99a6b3cefa44dd22c637cfa2fb54c60d2b0e14970466cea19979e2e59668c7_amd64",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:e25dc5fd74d37ea3b00898557b71cdefc7d508e748bfb230e18db7c2e3d526f4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1955601"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NooBaa, where internal RPC AuthTokens between the noobaa operator and the noobaa core are leaked into log files. An attacker with access to the log files could use this AuthToken to gain additional access into noobaa deployment and can read/modify system configuration.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "NooBaa: noobaa-operator leaking RPC AuthToken into log files",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:21e57d86bcf007a70bc5e14ff5f0380a1ea26c4d2d2cdf191e9289d04b1f06e7_amd64",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:94dccc304395df6d8b37f8371737646d07cf289f83b30c78c353e9a4dec05b76_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:bae35f5a3ac521dedd50d8852920f99a3f1c94d1a31a51856eefa24e94516142_ppc64le"
],
"known_not_affected": [
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:779479e90095b760fdca7da317aaf09f76b453aa262bd3c1ac0f41f7af483a2d_ppc64le",
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:ac0ed0ba8ef78e3b46dcf6936f7d97ac4c0f85ac596f263880b56a12dac36234_amd64",
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:c7b09f1114aa36be379a9f52b3f156499bcd31d7537f1235a364129d1382497c_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:22037eb4c589c5ccf921cd15bb3c82d75fac298d2b53344575c2af7c22d5353c_ppc64le",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:5b1046b56cd5d7cbde64a3cfce800b76b3bd7fb0f535ac2382e97eb8fc93314c_amd64",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:725dd955d4a2a4c27405d7c0d3141384c1e5bb52276056bc7ab8a35d124dcc0e_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:5e4df11fa489a5aa7a03ff3983c9a35143e3a76667ea652c39b499dbacb9a11d_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:6512915dabeef1d170bd2a61339d6849c175082151bc2f273bef1036738456e0_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:ca93487e2344a02ab4da0eb010608082134c7e136f2b3cfa51a2d04b10313b3c_amd64",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:70c98f7353bd302c55e6fa2f51cb4385309aafeb4a2901c94b44cee2846679fc_amd64",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:97f334a7c2d147e0cfded896355f7406bd2c893783011e345dbcb474850d0047_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:bce44dc4b764b9b3e99d5d2cdc2242667195d6802ee1a5f1f692aa6e633e5660_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:7dca985a1723e1c2169124a70182fd29a633ac7b9e9fa28ae24635e203003bc6_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:e715a9a62462de6c45ca82a3acc5d622d2df12ce965d226eb0a90f1cbfa212c5_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:f6319e4d6e32109deeaebe4d99cc18fd5a272c0655ba73fe2521ca63981efba6_amd64",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:1c57a22591b2277403200cf3e254badcc827416fc01efabfd12c03c265a491b2_s390x",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:de99a6b3cefa44dd22c637cfa2fb54c60d2b0e14970466cea19979e2e59668c7_amd64",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:e25dc5fd74d37ea3b00898557b71cdefc7d508e748bfb230e18db7c2e3d526f4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3528"
},
{
"category": "external",
"summary": "RHBZ#1955601",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1955601"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3528",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3528"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3528",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3528"
}
],
"release_date": "2021-03-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-19T09:14:24+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:21e57d86bcf007a70bc5e14ff5f0380a1ea26c4d2d2cdf191e9289d04b1f06e7_amd64",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:94dccc304395df6d8b37f8371737646d07cf289f83b30c78c353e9a4dec05b76_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:bae35f5a3ac521dedd50d8852920f99a3f1c94d1a31a51856eefa24e94516142_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2041"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:779479e90095b760fdca7da317aaf09f76b453aa262bd3c1ac0f41f7af483a2d_ppc64le",
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:ac0ed0ba8ef78e3b46dcf6936f7d97ac4c0f85ac596f263880b56a12dac36234_amd64",
"8Base-RH-OCS-4.7:ocs4/cephcsi-rhel8@sha256:c7b09f1114aa36be379a9f52b3f156499bcd31d7537f1235a364129d1382497c_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:22037eb4c589c5ccf921cd15bb3c82d75fac298d2b53344575c2af7c22d5353c_ppc64le",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:5b1046b56cd5d7cbde64a3cfce800b76b3bd7fb0f535ac2382e97eb8fc93314c_amd64",
"8Base-RH-OCS-4.7:ocs4/mcg-core-rhel8@sha256:725dd955d4a2a4c27405d7c0d3141384c1e5bb52276056bc7ab8a35d124dcc0e_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:21e57d86bcf007a70bc5e14ff5f0380a1ea26c4d2d2cdf191e9289d04b1f06e7_amd64",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:94dccc304395df6d8b37f8371737646d07cf289f83b30c78c353e9a4dec05b76_s390x",
"8Base-RH-OCS-4.7:ocs4/mcg-rhel8-operator@sha256:bae35f5a3ac521dedd50d8852920f99a3f1c94d1a31a51856eefa24e94516142_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:5e4df11fa489a5aa7a03ff3983c9a35143e3a76667ea652c39b499dbacb9a11d_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:6512915dabeef1d170bd2a61339d6849c175082151bc2f273bef1036738456e0_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-must-gather-rhel8@sha256:ca93487e2344a02ab4da0eb010608082134c7e136f2b3cfa51a2d04b10313b3c_amd64",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:70c98f7353bd302c55e6fa2f51cb4385309aafeb4a2901c94b44cee2846679fc_amd64",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:97f334a7c2d147e0cfded896355f7406bd2c893783011e345dbcb474850d0047_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-operator-bundle@sha256:bce44dc4b764b9b3e99d5d2cdc2242667195d6802ee1a5f1f692aa6e633e5660_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:7dca985a1723e1c2169124a70182fd29a633ac7b9e9fa28ae24635e203003bc6_ppc64le",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:e715a9a62462de6c45ca82a3acc5d622d2df12ce965d226eb0a90f1cbfa212c5_s390x",
"8Base-RH-OCS-4.7:ocs4/ocs-rhel8-operator@sha256:f6319e4d6e32109deeaebe4d99cc18fd5a272c0655ba73fe2521ca63981efba6_amd64",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:1c57a22591b2277403200cf3e254badcc827416fc01efabfd12c03c265a491b2_s390x",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:de99a6b3cefa44dd22c637cfa2fb54c60d2b0e14970466cea19979e2e59668c7_amd64",
"8Base-RH-OCS-4.7:ocs4/rook-ceph-rhel8-operator@sha256:e25dc5fd74d37ea3b00898557b71cdefc7d508e748bfb230e18db7c2e3d526f4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "NooBaa: noobaa-operator leaking RPC AuthToken into log files"
}
]
}
RHSA-2021:2042
Vulnerability from csaf_redhat - Published: 2021-05-19 10:26 - Updated: 2026-05-15 02:04Summary
Red Hat Security Advisory: Red Hat OpenShift Container Storage 4.7 RPM security, bug fix, and enhancement update
Severity
Moderate
Notes
Topic: Updated mcg rpm which includes numerous security fixes, bug fixes, and enhancements are now available for Red Hat OpenShift Container Storage 4.7.0 on Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Container Storage provisions a multicloud data management service with an S3 compatible API.
Security Fix(es):
* jwt-go: access restriction bypass vulnerability (CVE-2020-26160)
* golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Container Storage Release Notes for information on the most significant of these changes:
https://access.redhat.com/documentation/en-us/red_hat_openshift_container_storage/4.7/html-single/4.7_release_notes/index
All Red Hat OpenShift Container Storage users are advised to upgrade to
these updated images.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was found in jwt-go where it is vulnerable to Access Restriction Bypass if m["aud"] happens to be []string{}, as allowed by the spec, the type assertion fails and the value of aud is "". This can cause audience verification to succeed even if the audiences being passed are incorrect if required is set to false.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RH-OCS-4.7:mcg-0:5.7.0-69.85e2026.5.7.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.7:mcg-0:5.7.0-69.85e2026.5.7.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.7:mcg-0:5.7.0-69.85e2026.5.7.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.7:mcg-0:5.7.0-69.85e2026.5.7.el8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in the math/big package of Go's standard library that causes a denial of service. Applications written in Go that use math/big via cryptographic packages, including crypto/rsa and crypto/x509, are vulnerable and can potentially cause panic via a crafted certificate chain. The highest threat from this vulnerability is to system availability.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RH-OCS-4.7:mcg-0:5.7.0-69.85e2026.5.7.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.7:mcg-0:5.7.0-69.85e2026.5.7.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.7:mcg-0:5.7.0-69.85e2026.5.7.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.7:mcg-0:5.7.0-69.85e2026.5.7.el8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
15 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated mcg rpm which includes numerous security fixes, bug fixes, and enhancements are now available for Red Hat OpenShift Container Storage 4.7.0 on Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Container Storage provisions a multicloud data management service with an S3 compatible API.\n\nSecurity Fix(es):\n\n* jwt-go: access restriction bypass vulnerability (CVE-2020-26160)\n\n* golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\nSpace precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Container Storage Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_container_storage/4.7/html-single/4.7_release_notes/index\n\nAll Red Hat OpenShift Container Storage users are advised to upgrade to\nthese updated images.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:2042",
"url": "https://access.redhat.com/errata/RHSA-2021:2042"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1883371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1883371"
},
{
"category": "external",
"summary": "1897635",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1897635"
},
{
"category": "external",
"summary": "1941502",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941502"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_2042.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Container Storage 4.7 RPM security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2026-05-15T02:04:32+00:00",
"generator": {
"date": "2026-05-15T02:04:32+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2021:2042",
"initial_release_date": "2021-05-19T10:26:16+00:00",
"revision_history": [
{
"date": "2021-05-19T10:26:16+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-05-19T10:26:16+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-15T02:04:32+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Storage 4.7 on RHEL-8",
"product": {
"name": "Red Hat OpenShift Container Storage 4.7 on RHEL-8",
"product_id": "8Base-RH-OCS-4.7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_container_storage:4.7::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Container Storage"
},
{
"branches": [
{
"category": "product_version",
"name": "mcg-0:5.7.0-69.85e2026.5.7.el8.src",
"product": {
"name": "mcg-0:5.7.0-69.85e2026.5.7.el8.src",
"product_id": "mcg-0:5.7.0-69.85e2026.5.7.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mcg@5.7.0-69.85e2026.5.7.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "mcg-0:5.7.0-69.85e2026.5.7.el8.x86_64",
"product": {
"name": "mcg-0:5.7.0-69.85e2026.5.7.el8.x86_64",
"product_id": "mcg-0:5.7.0-69.85e2026.5.7.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mcg@5.7.0-69.85e2026.5.7.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "mcg-0:5.7.0-69.85e2026.5.7.el8.s390x",
"product": {
"name": "mcg-0:5.7.0-69.85e2026.5.7.el8.s390x",
"product_id": "mcg-0:5.7.0-69.85e2026.5.7.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mcg@5.7.0-69.85e2026.5.7.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "mcg-0:5.7.0-69.85e2026.5.7.el8.ppc64le",
"product": {
"name": "mcg-0:5.7.0-69.85e2026.5.7.el8.ppc64le",
"product_id": "mcg-0:5.7.0-69.85e2026.5.7.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mcg@5.7.0-69.85e2026.5.7.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "mcg-0:5.7.0-69.85e2026.5.7.el8.ppc64le as a component of Red Hat OpenShift Container Storage 4.7 on RHEL-8",
"product_id": "8Base-RH-OCS-4.7:mcg-0:5.7.0-69.85e2026.5.7.el8.ppc64le"
},
"product_reference": "mcg-0:5.7.0-69.85e2026.5.7.el8.ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mcg-0:5.7.0-69.85e2026.5.7.el8.s390x as a component of Red Hat OpenShift Container Storage 4.7 on RHEL-8",
"product_id": "8Base-RH-OCS-4.7:mcg-0:5.7.0-69.85e2026.5.7.el8.s390x"
},
"product_reference": "mcg-0:5.7.0-69.85e2026.5.7.el8.s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mcg-0:5.7.0-69.85e2026.5.7.el8.src as a component of Red Hat OpenShift Container Storage 4.7 on RHEL-8",
"product_id": "8Base-RH-OCS-4.7:mcg-0:5.7.0-69.85e2026.5.7.el8.src"
},
"product_reference": "mcg-0:5.7.0-69.85e2026.5.7.el8.src",
"relates_to_product_reference": "8Base-RH-OCS-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mcg-0:5.7.0-69.85e2026.5.7.el8.x86_64 as a component of Red Hat OpenShift Container Storage 4.7 on RHEL-8",
"product_id": "8Base-RH-OCS-4.7:mcg-0:5.7.0-69.85e2026.5.7.el8.x86_64"
},
"product_reference": "mcg-0:5.7.0-69.85e2026.5.7.el8.x86_64",
"relates_to_product_reference": "8Base-RH-OCS-4.7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-26160",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2020-09-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1883371"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in jwt-go where it is vulnerable to Access Restriction Bypass if m[\"aud\"] happens to be []string{}, as allowed by the spec, the type assertion fails and the value of aud is \"\". This can cause audience verification to succeed even if the audiences being passed are incorrect if required is set to false.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jwt-go: access restriction bypass vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The github.com/dgrijalva/jwt-go module is an indirect dependency of the k8s.io/client-go module pulled into Quay Bridge, and Setup operators via the Operator\u0027s SDK generated code. The k8s.io/client-go module does not use jwt-go in an unsafe way [1]. Red Hat Quay components have been marked as wontfix. This may be fixed in the future.\n\nSimilar to Quay, multiple OpenShift Container Platform (OCP) containers include jwt-go as a transient dependency due to go-autorest [1]. As such, those containers do not use jwt-go in an unsafe way. They have been marked wontfix at this time and may be fixed in a future update.\n\nSame as Quay and OpenShift Container Platform, components shipped with Red Hat OpenShift Container Storage 4 do not use jwt-go in an unsafe way and hence this issue has been rated as having a security impact of Low. A future update may address this issue.\n\nRed Hat Gluster Storage 3 shipped multi-cloud-object-gateway-cli as a technical preview and is not currently planned to be addressed in future updates, hence the multi-cloud-object-gateway-cli package will not be fixed.\n\n[1] https://github.com/Azure/go-autorest/issues/568#issuecomment-703804062",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RH-OCS-4.7:mcg-0:5.7.0-69.85e2026.5.7.el8.ppc64le",
"8Base-RH-OCS-4.7:mcg-0:5.7.0-69.85e2026.5.7.el8.s390x",
"8Base-RH-OCS-4.7:mcg-0:5.7.0-69.85e2026.5.7.el8.src",
"8Base-RH-OCS-4.7:mcg-0:5.7.0-69.85e2026.5.7.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26160"
},
{
"category": "external",
"summary": "RHBZ#1883371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1883371"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26160",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26160"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26160",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26160"
},
{
"category": "external",
"summary": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDGRIJALVAJWTGO-596515",
"url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDGRIJALVAJWTGO-596515"
}
],
"release_date": "2020-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-19T10:26:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RH-OCS-4.7:mcg-0:5.7.0-69.85e2026.5.7.el8.ppc64le",
"8Base-RH-OCS-4.7:mcg-0:5.7.0-69.85e2026.5.7.el8.s390x",
"8Base-RH-OCS-4.7:mcg-0:5.7.0-69.85e2026.5.7.el8.src",
"8Base-RH-OCS-4.7:mcg-0:5.7.0-69.85e2026.5.7.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2042"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RH-OCS-4.7:mcg-0:5.7.0-69.85e2026.5.7.el8.ppc64le",
"8Base-RH-OCS-4.7:mcg-0:5.7.0-69.85e2026.5.7.el8.s390x",
"8Base-RH-OCS-4.7:mcg-0:5.7.0-69.85e2026.5.7.el8.src",
"8Base-RH-OCS-4.7:mcg-0:5.7.0-69.85e2026.5.7.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jwt-go: access restriction bypass vulnerability"
},
{
"cve": "CVE-2020-28362",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2020-11-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1897635"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the math/big package of Go\u0027s standard library that causes a denial of service. Applications written in Go that use math/big via cryptographic packages, including crypto/rsa and crypto/x509, are vulnerable and can potentially cause panic via a crafted certificate chain. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: math/big: panic during recursive division of very large numbers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift ServiceMesh (OSSM) 1.1 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities because it is now in the Maintenance Phase of the support.\nOpenshift Virtualization 1 (formerly Container Native Virtualization) is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities.\n\nRed Hat Gluster Storage 3 shipped multi-cloud-object-gateway-cli and noobaa-operator container as a technical preview and is not currently planned to be addressed in future updates.\n\nOpenShift Container Platform (OCP) 4.5 and earlier are built with Go versions earlier than 1.14, which are not affected by this vulnerability. OCP 4.6 is built with Go 1.15 and is affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RH-OCS-4.7:mcg-0:5.7.0-69.85e2026.5.7.el8.ppc64le",
"8Base-RH-OCS-4.7:mcg-0:5.7.0-69.85e2026.5.7.el8.s390x",
"8Base-RH-OCS-4.7:mcg-0:5.7.0-69.85e2026.5.7.el8.src",
"8Base-RH-OCS-4.7:mcg-0:5.7.0-69.85e2026.5.7.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-28362"
},
{
"category": "external",
"summary": "RHBZ#1897635",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1897635"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-28362",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28362"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28362",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28362"
}
],
"release_date": "2020-11-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-19T10:26:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RH-OCS-4.7:mcg-0:5.7.0-69.85e2026.5.7.el8.ppc64le",
"8Base-RH-OCS-4.7:mcg-0:5.7.0-69.85e2026.5.7.el8.s390x",
"8Base-RH-OCS-4.7:mcg-0:5.7.0-69.85e2026.5.7.el8.src",
"8Base-RH-OCS-4.7:mcg-0:5.7.0-69.85e2026.5.7.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2042"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RH-OCS-4.7:mcg-0:5.7.0-69.85e2026.5.7.el8.ppc64le",
"8Base-RH-OCS-4.7:mcg-0:5.7.0-69.85e2026.5.7.el8.s390x",
"8Base-RH-OCS-4.7:mcg-0:5.7.0-69.85e2026.5.7.el8.src",
"8Base-RH-OCS-4.7:mcg-0:5.7.0-69.85e2026.5.7.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: math/big: panic during recursive division of very large numbers"
}
]
}
RHSA-2021:2532
Vulnerability from csaf_redhat - Published: 2021-06-23 15:37 - Updated: 2026-04-30 16:09Summary
Red Hat Security Advisory: Red Hat OpenShift Jaeger 1.17.9 security update
Severity
Moderate
Notes
Topic: An update is now available for Red Hat OpenShift Jaeger 1.17.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat OpenShift Jaeger is Red Hat's distribution of the Jaeger project,
tailored for installation into an on-premise OpenShift Container Platform
installation.
Security Fix(es):
* golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)
* golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the math/big package of Go's standard library that causes a denial of service. Applications written in Go that use math/big via cryptographic packages, including crypto/rsa and crypto/x509, are vulnerable and can potentially cause panic via a crafted certificate chain. The highest threat from this vulnerability is to system availability.
7.5 (High)
Affected products
Fixed
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JAEGER-1.17:distributed-tracing/jaeger-agent-rhel8@sha256:5230c70692537b4da57bb1ac5bc80810bdef4081f2e739172ed71f8368856afb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.17:distributed-tracing/jaeger-agent-rhel8@sha256:83c39c6a9af8bc7a78c1f5015d8f3f98e4901f5e013e0e6c39611f96c10c005a_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.17:distributed-tracing/jaeger-agent-rhel8@sha256:9d96dd8c0db9924a2b8e33d787cdbfe87f3c85f0d873b306ea443d719c3af55c_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.17:distributed-tracing/jaeger-all-in-one-rhel8@sha256:5327967e9f5e5d75c79e89fee1bc3f59873efd70b8c19202e74d2a460008defe_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.17:distributed-tracing/jaeger-all-in-one-rhel8@sha256:acb62df32ace2fd13bd5ce9874760d95d567d91bb110b26b19c596fb7d86fef1_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.17:distributed-tracing/jaeger-all-in-one-rhel8@sha256:b585c3a9b824de0f51789a8fecf4a2f7bf9e168b6a3573250bf69d9f782b9bed_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.17:distributed-tracing/jaeger-collector-rhel8@sha256:324d5c7182e1edce237c884164ca5a5ad8766591ff1c6cc6613aa6b7ebb2646b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.17:distributed-tracing/jaeger-collector-rhel8@sha256:c17fb6a021f391948c0725f0a839684538f57805393f2123732db08fe5c32009_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.17:distributed-tracing/jaeger-collector-rhel8@sha256:db34eb04544e03eb56bf606c95d19f79bbd7ec56bd8c500b49fa448718202c9c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.17:distributed-tracing/jaeger-ingester-rhel8@sha256:582ff08b5c186cdc27b1d5a340c66a841b3ff10f5ee669f9135e5b9f0303d551_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.17:distributed-tracing/jaeger-ingester-rhel8@sha256:81a58e46655d527624cbbba483639e76c21e819e4bf5c65a565d45af79c1832c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.17:distributed-tracing/jaeger-ingester-rhel8@sha256:cf51d733170ac61077cea0b2a7970d92cc077d4ea731c7a9493af9665fd3cd5f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.17:distributed-tracing/jaeger-query-rhel8@sha256:0cc5eae19cab7732b61418212ce3564e948769240f9d2a4bcaa127afd986f968_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.17:distributed-tracing/jaeger-query-rhel8@sha256:1c5f7c95cda7e7220c158cb254ba24ad9a358caf364533cfeb6cfd02504a64bf_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.17:distributed-tracing/jaeger-query-rhel8@sha256:4c5ac9c1f7833ad630f2d5154100234e762c9e5d6f0118b17bb2efceb1d8a625_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.17:distributed-tracing/jaeger-rhel8-operator@sha256:57c5dd6f4bb187b4c96b482f6fda7f15d2110126c8f15430b46c2b4489a78384_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.17:distributed-tracing/jaeger-rhel8-operator@sha256:5c284ed14cc4cb17f075c28790fb295046cb212e35647390d0bfa00a63522146_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.17:distributed-tracing/jaeger-rhel8-operator@sha256:7df80c3aa4d769c1e57c4b33503a5fb806d0f79fc31f6351e17da5d97306c243_s390x | — |
Vendor Fix
fix
|
Known not affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JAEGER-1.17:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:51c654d56bf087cb262d331857ca22fd25c4caea97d19e2f7492188303b0c952_s390x | — | ||
| Unresolved product id: 8Base-JAEGER-1.17:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:9ea14402c0626a90c5e2d4916d8aad2363e5bc9537ffa19bab940a8a49290217_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.17:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:bbc2a4caa4458377ed2de14841178707da55589383e090b54c2b13c6a110bc81_amd64 | — | ||
| Unresolved product id: 8Base-JAEGER-1.17:distributed-tracing/jaeger-es-rollover-rhel8@sha256:68a13a7b385494c25e6af73f6b6b555c026f3f06566b935f97f8efd9a76c6449_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.17:distributed-tracing/jaeger-es-rollover-rhel8@sha256:873fb90564825ff2d3f5881d6db14efb40f9195bee5908e35cf1352c8acc87a9_s390x | — | ||
| Unresolved product id: 8Base-JAEGER-1.17:distributed-tracing/jaeger-es-rollover-rhel8@sha256:9c4bc759b3194d5d93448efff4a7b1e60d077e49f1a2a7452da263e46813a35a_amd64 | — |
Threats
Impact
Moderate
A flaw detected in golang: crypto/elliptic, in which P-224 keys as generated can return incorrect inputs, reducing the strength of the cryptography. The highest threat from this vulnerability is confidentiality and integrity.
6.5 (Medium)
Affected products
Fixed
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JAEGER-1.17:distributed-tracing/jaeger-agent-rhel8@sha256:5230c70692537b4da57bb1ac5bc80810bdef4081f2e739172ed71f8368856afb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.17:distributed-tracing/jaeger-agent-rhel8@sha256:83c39c6a9af8bc7a78c1f5015d8f3f98e4901f5e013e0e6c39611f96c10c005a_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.17:distributed-tracing/jaeger-agent-rhel8@sha256:9d96dd8c0db9924a2b8e33d787cdbfe87f3c85f0d873b306ea443d719c3af55c_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.17:distributed-tracing/jaeger-all-in-one-rhel8@sha256:5327967e9f5e5d75c79e89fee1bc3f59873efd70b8c19202e74d2a460008defe_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.17:distributed-tracing/jaeger-all-in-one-rhel8@sha256:acb62df32ace2fd13bd5ce9874760d95d567d91bb110b26b19c596fb7d86fef1_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.17:distributed-tracing/jaeger-all-in-one-rhel8@sha256:b585c3a9b824de0f51789a8fecf4a2f7bf9e168b6a3573250bf69d9f782b9bed_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.17:distributed-tracing/jaeger-collector-rhel8@sha256:324d5c7182e1edce237c884164ca5a5ad8766591ff1c6cc6613aa6b7ebb2646b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.17:distributed-tracing/jaeger-collector-rhel8@sha256:c17fb6a021f391948c0725f0a839684538f57805393f2123732db08fe5c32009_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.17:distributed-tracing/jaeger-collector-rhel8@sha256:db34eb04544e03eb56bf606c95d19f79bbd7ec56bd8c500b49fa448718202c9c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.17:distributed-tracing/jaeger-ingester-rhel8@sha256:582ff08b5c186cdc27b1d5a340c66a841b3ff10f5ee669f9135e5b9f0303d551_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.17:distributed-tracing/jaeger-ingester-rhel8@sha256:81a58e46655d527624cbbba483639e76c21e819e4bf5c65a565d45af79c1832c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.17:distributed-tracing/jaeger-ingester-rhel8@sha256:cf51d733170ac61077cea0b2a7970d92cc077d4ea731c7a9493af9665fd3cd5f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.17:distributed-tracing/jaeger-query-rhel8@sha256:0cc5eae19cab7732b61418212ce3564e948769240f9d2a4bcaa127afd986f968_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.17:distributed-tracing/jaeger-query-rhel8@sha256:1c5f7c95cda7e7220c158cb254ba24ad9a358caf364533cfeb6cfd02504a64bf_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.17:distributed-tracing/jaeger-query-rhel8@sha256:4c5ac9c1f7833ad630f2d5154100234e762c9e5d6f0118b17bb2efceb1d8a625_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.17:distributed-tracing/jaeger-rhel8-operator@sha256:57c5dd6f4bb187b4c96b482f6fda7f15d2110126c8f15430b46c2b4489a78384_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.17:distributed-tracing/jaeger-rhel8-operator@sha256:5c284ed14cc4cb17f075c28790fb295046cb212e35647390d0bfa00a63522146_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.17:distributed-tracing/jaeger-rhel8-operator@sha256:7df80c3aa4d769c1e57c4b33503a5fb806d0f79fc31f6351e17da5d97306c243_s390x | — |
Vendor Fix
fix
|
Known not affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JAEGER-1.17:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:51c654d56bf087cb262d331857ca22fd25c4caea97d19e2f7492188303b0c952_s390x | — | ||
| Unresolved product id: 8Base-JAEGER-1.17:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:9ea14402c0626a90c5e2d4916d8aad2363e5bc9537ffa19bab940a8a49290217_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.17:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:bbc2a4caa4458377ed2de14841178707da55589383e090b54c2b13c6a110bc81_amd64 | — | ||
| Unresolved product id: 8Base-JAEGER-1.17:distributed-tracing/jaeger-es-rollover-rhel8@sha256:68a13a7b385494c25e6af73f6b6b555c026f3f06566b935f97f8efd9a76c6449_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.17:distributed-tracing/jaeger-es-rollover-rhel8@sha256:873fb90564825ff2d3f5881d6db14efb40f9195bee5908e35cf1352c8acc87a9_s390x | — | ||
| Unresolved product id: 8Base-JAEGER-1.17:distributed-tracing/jaeger-es-rollover-rhel8@sha256:9c4bc759b3194d5d93448efff4a7b1e60d077e49f1a2a7452da263e46813a35a_amd64 | — |
Threats
Impact
Moderate
References
15 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat OpenShift Jaeger 1.17.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Jaeger is Red Hat\u0027s distribution of the Jaeger project,\ntailored for installation into an on-premise OpenShift Container Platform\ninstallation.\n\nSecurity Fix(es):\n\n* golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)\n\n* golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:2532",
"url": "https://access.redhat.com/errata/RHSA-2021:2532"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1897635",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1897635"
},
{
"category": "external",
"summary": "1918750",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1918750"
},
{
"category": "external",
"summary": "TRACING-1725",
"url": "https://issues.redhat.com/browse/TRACING-1725"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_2532.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Jaeger 1.17.9 security update",
"tracking": {
"current_release_date": "2026-04-30T16:09:28+00:00",
"generator": {
"date": "2026-04-30T16:09:28+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHSA-2021:2532",
"initial_release_date": "2021-06-23T15:37:37+00:00",
"revision_history": [
{
"date": "2021-06-23T15:37:37+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-06-23T15:37:37+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-30T16:09:28+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Jaeger 1.17",
"product": {
"name": "Red Hat OpenShift Jaeger 1.17",
"product_id": "8Base-JAEGER-1.17",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jaeger:1.17::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Jaeger"
},
{
"branches": [
{
"category": "product_version",
"name": "distributed-tracing/jaeger-agent-rhel8@sha256:9d96dd8c0db9924a2b8e33d787cdbfe87f3c85f0d873b306ea443d719c3af55c_s390x",
"product": {
"name": "distributed-tracing/jaeger-agent-rhel8@sha256:9d96dd8c0db9924a2b8e33d787cdbfe87f3c85f0d873b306ea443d719c3af55c_s390x",
"product_id": "distributed-tracing/jaeger-agent-rhel8@sha256:9d96dd8c0db9924a2b8e33d787cdbfe87f3c85f0d873b306ea443d719c3af55c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256:9d96dd8c0db9924a2b8e33d787cdbfe87f3c85f0d873b306ea443d719c3af55c?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-agent-rhel8\u0026tag=1.17.9-7"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:b585c3a9b824de0f51789a8fecf4a2f7bf9e168b6a3573250bf69d9f782b9bed_s390x",
"product": {
"name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:b585c3a9b824de0f51789a8fecf4a2f7bf9e168b6a3573250bf69d9f782b9bed_s390x",
"product_id": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:b585c3a9b824de0f51789a8fecf4a2f7bf9e168b6a3573250bf69d9f782b9bed_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256:b585c3a9b824de0f51789a8fecf4a2f7bf9e168b6a3573250bf69d9f782b9bed?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-all-in-one-rhel8\u0026tag=1.17.9-7"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-collector-rhel8@sha256:c17fb6a021f391948c0725f0a839684538f57805393f2123732db08fe5c32009_s390x",
"product": {
"name": "distributed-tracing/jaeger-collector-rhel8@sha256:c17fb6a021f391948c0725f0a839684538f57805393f2123732db08fe5c32009_s390x",
"product_id": "distributed-tracing/jaeger-collector-rhel8@sha256:c17fb6a021f391948c0725f0a839684538f57805393f2123732db08fe5c32009_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256:c17fb6a021f391948c0725f0a839684538f57805393f2123732db08fe5c32009?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-collector-rhel8\u0026tag=1.17.9-7"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:51c654d56bf087cb262d331857ca22fd25c4caea97d19e2f7492188303b0c952_s390x",
"product": {
"name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:51c654d56bf087cb262d331857ca22fd25c4caea97d19e2f7492188303b0c952_s390x",
"product_id": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:51c654d56bf087cb262d331857ca22fd25c4caea97d19e2f7492188303b0c952_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256:51c654d56bf087cb262d331857ca22fd25c4caea97d19e2f7492188303b0c952?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-es-index-cleaner-rhel8\u0026tag=1.17.9-5"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:873fb90564825ff2d3f5881d6db14efb40f9195bee5908e35cf1352c8acc87a9_s390x",
"product": {
"name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:873fb90564825ff2d3f5881d6db14efb40f9195bee5908e35cf1352c8acc87a9_s390x",
"product_id": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:873fb90564825ff2d3f5881d6db14efb40f9195bee5908e35cf1352c8acc87a9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256:873fb90564825ff2d3f5881d6db14efb40f9195bee5908e35cf1352c8acc87a9?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-es-rollover-rhel8\u0026tag=1.17.9-4"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-ingester-rhel8@sha256:582ff08b5c186cdc27b1d5a340c66a841b3ff10f5ee669f9135e5b9f0303d551_s390x",
"product": {
"name": "distributed-tracing/jaeger-ingester-rhel8@sha256:582ff08b5c186cdc27b1d5a340c66a841b3ff10f5ee669f9135e5b9f0303d551_s390x",
"product_id": "distributed-tracing/jaeger-ingester-rhel8@sha256:582ff08b5c186cdc27b1d5a340c66a841b3ff10f5ee669f9135e5b9f0303d551_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256:582ff08b5c186cdc27b1d5a340c66a841b3ff10f5ee669f9135e5b9f0303d551?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-ingester-rhel8\u0026tag=1.17.9-7"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-query-rhel8@sha256:0cc5eae19cab7732b61418212ce3564e948769240f9d2a4bcaa127afd986f968_s390x",
"product": {
"name": "distributed-tracing/jaeger-query-rhel8@sha256:0cc5eae19cab7732b61418212ce3564e948769240f9d2a4bcaa127afd986f968_s390x",
"product_id": "distributed-tracing/jaeger-query-rhel8@sha256:0cc5eae19cab7732b61418212ce3564e948769240f9d2a4bcaa127afd986f968_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256:0cc5eae19cab7732b61418212ce3564e948769240f9d2a4bcaa127afd986f968?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-query-rhel8\u0026tag=1.17.9-7"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-rhel8-operator@sha256:7df80c3aa4d769c1e57c4b33503a5fb806d0f79fc31f6351e17da5d97306c243_s390x",
"product": {
"name": "distributed-tracing/jaeger-rhel8-operator@sha256:7df80c3aa4d769c1e57c4b33503a5fb806d0f79fc31f6351e17da5d97306c243_s390x",
"product_id": "distributed-tracing/jaeger-rhel8-operator@sha256:7df80c3aa4d769c1e57c4b33503a5fb806d0f79fc31f6351e17da5d97306c243_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256:7df80c3aa4d769c1e57c4b33503a5fb806d0f79fc31f6351e17da5d97306c243?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-rhel8-operator\u0026tag=1.17.9-7"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "distributed-tracing/jaeger-agent-rhel8@sha256:5230c70692537b4da57bb1ac5bc80810bdef4081f2e739172ed71f8368856afb_amd64",
"product": {
"name": "distributed-tracing/jaeger-agent-rhel8@sha256:5230c70692537b4da57bb1ac5bc80810bdef4081f2e739172ed71f8368856afb_amd64",
"product_id": "distributed-tracing/jaeger-agent-rhel8@sha256:5230c70692537b4da57bb1ac5bc80810bdef4081f2e739172ed71f8368856afb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256:5230c70692537b4da57bb1ac5bc80810bdef4081f2e739172ed71f8368856afb?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-agent-rhel8\u0026tag=1.17.9-7"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:5327967e9f5e5d75c79e89fee1bc3f59873efd70b8c19202e74d2a460008defe_amd64",
"product": {
"name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:5327967e9f5e5d75c79e89fee1bc3f59873efd70b8c19202e74d2a460008defe_amd64",
"product_id": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:5327967e9f5e5d75c79e89fee1bc3f59873efd70b8c19202e74d2a460008defe_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256:5327967e9f5e5d75c79e89fee1bc3f59873efd70b8c19202e74d2a460008defe?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-all-in-one-rhel8\u0026tag=1.17.9-7"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-collector-rhel8@sha256:db34eb04544e03eb56bf606c95d19f79bbd7ec56bd8c500b49fa448718202c9c_amd64",
"product": {
"name": "distributed-tracing/jaeger-collector-rhel8@sha256:db34eb04544e03eb56bf606c95d19f79bbd7ec56bd8c500b49fa448718202c9c_amd64",
"product_id": "distributed-tracing/jaeger-collector-rhel8@sha256:db34eb04544e03eb56bf606c95d19f79bbd7ec56bd8c500b49fa448718202c9c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256:db34eb04544e03eb56bf606c95d19f79bbd7ec56bd8c500b49fa448718202c9c?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-collector-rhel8\u0026tag=1.17.9-7"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:bbc2a4caa4458377ed2de14841178707da55589383e090b54c2b13c6a110bc81_amd64",
"product": {
"name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:bbc2a4caa4458377ed2de14841178707da55589383e090b54c2b13c6a110bc81_amd64",
"product_id": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:bbc2a4caa4458377ed2de14841178707da55589383e090b54c2b13c6a110bc81_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256:bbc2a4caa4458377ed2de14841178707da55589383e090b54c2b13c6a110bc81?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-es-index-cleaner-rhel8\u0026tag=1.17.9-5"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:9c4bc759b3194d5d93448efff4a7b1e60d077e49f1a2a7452da263e46813a35a_amd64",
"product": {
"name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:9c4bc759b3194d5d93448efff4a7b1e60d077e49f1a2a7452da263e46813a35a_amd64",
"product_id": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:9c4bc759b3194d5d93448efff4a7b1e60d077e49f1a2a7452da263e46813a35a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256:9c4bc759b3194d5d93448efff4a7b1e60d077e49f1a2a7452da263e46813a35a?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-es-rollover-rhel8\u0026tag=1.17.9-4"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-ingester-rhel8@sha256:81a58e46655d527624cbbba483639e76c21e819e4bf5c65a565d45af79c1832c_amd64",
"product": {
"name": "distributed-tracing/jaeger-ingester-rhel8@sha256:81a58e46655d527624cbbba483639e76c21e819e4bf5c65a565d45af79c1832c_amd64",
"product_id": "distributed-tracing/jaeger-ingester-rhel8@sha256:81a58e46655d527624cbbba483639e76c21e819e4bf5c65a565d45af79c1832c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256:81a58e46655d527624cbbba483639e76c21e819e4bf5c65a565d45af79c1832c?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-ingester-rhel8\u0026tag=1.17.9-7"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-query-rhel8@sha256:4c5ac9c1f7833ad630f2d5154100234e762c9e5d6f0118b17bb2efceb1d8a625_amd64",
"product": {
"name": "distributed-tracing/jaeger-query-rhel8@sha256:4c5ac9c1f7833ad630f2d5154100234e762c9e5d6f0118b17bb2efceb1d8a625_amd64",
"product_id": "distributed-tracing/jaeger-query-rhel8@sha256:4c5ac9c1f7833ad630f2d5154100234e762c9e5d6f0118b17bb2efceb1d8a625_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256:4c5ac9c1f7833ad630f2d5154100234e762c9e5d6f0118b17bb2efceb1d8a625?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-query-rhel8\u0026tag=1.17.9-7"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-rhel8-operator@sha256:57c5dd6f4bb187b4c96b482f6fda7f15d2110126c8f15430b46c2b4489a78384_amd64",
"product": {
"name": "distributed-tracing/jaeger-rhel8-operator@sha256:57c5dd6f4bb187b4c96b482f6fda7f15d2110126c8f15430b46c2b4489a78384_amd64",
"product_id": "distributed-tracing/jaeger-rhel8-operator@sha256:57c5dd6f4bb187b4c96b482f6fda7f15d2110126c8f15430b46c2b4489a78384_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256:57c5dd6f4bb187b4c96b482f6fda7f15d2110126c8f15430b46c2b4489a78384?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-rhel8-operator\u0026tag=1.17.9-7"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "distributed-tracing/jaeger-agent-rhel8@sha256:83c39c6a9af8bc7a78c1f5015d8f3f98e4901f5e013e0e6c39611f96c10c005a_ppc64le",
"product": {
"name": "distributed-tracing/jaeger-agent-rhel8@sha256:83c39c6a9af8bc7a78c1f5015d8f3f98e4901f5e013e0e6c39611f96c10c005a_ppc64le",
"product_id": "distributed-tracing/jaeger-agent-rhel8@sha256:83c39c6a9af8bc7a78c1f5015d8f3f98e4901f5e013e0e6c39611f96c10c005a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256:83c39c6a9af8bc7a78c1f5015d8f3f98e4901f5e013e0e6c39611f96c10c005a?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-agent-rhel8\u0026tag=1.17.9-7"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:acb62df32ace2fd13bd5ce9874760d95d567d91bb110b26b19c596fb7d86fef1_ppc64le",
"product": {
"name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:acb62df32ace2fd13bd5ce9874760d95d567d91bb110b26b19c596fb7d86fef1_ppc64le",
"product_id": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:acb62df32ace2fd13bd5ce9874760d95d567d91bb110b26b19c596fb7d86fef1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256:acb62df32ace2fd13bd5ce9874760d95d567d91bb110b26b19c596fb7d86fef1?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-all-in-one-rhel8\u0026tag=1.17.9-7"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-collector-rhel8@sha256:324d5c7182e1edce237c884164ca5a5ad8766591ff1c6cc6613aa6b7ebb2646b_ppc64le",
"product": {
"name": "distributed-tracing/jaeger-collector-rhel8@sha256:324d5c7182e1edce237c884164ca5a5ad8766591ff1c6cc6613aa6b7ebb2646b_ppc64le",
"product_id": "distributed-tracing/jaeger-collector-rhel8@sha256:324d5c7182e1edce237c884164ca5a5ad8766591ff1c6cc6613aa6b7ebb2646b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256:324d5c7182e1edce237c884164ca5a5ad8766591ff1c6cc6613aa6b7ebb2646b?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-collector-rhel8\u0026tag=1.17.9-7"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:9ea14402c0626a90c5e2d4916d8aad2363e5bc9537ffa19bab940a8a49290217_ppc64le",
"product": {
"name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:9ea14402c0626a90c5e2d4916d8aad2363e5bc9537ffa19bab940a8a49290217_ppc64le",
"product_id": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:9ea14402c0626a90c5e2d4916d8aad2363e5bc9537ffa19bab940a8a49290217_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256:9ea14402c0626a90c5e2d4916d8aad2363e5bc9537ffa19bab940a8a49290217?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-es-index-cleaner-rhel8\u0026tag=1.17.9-5"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:68a13a7b385494c25e6af73f6b6b555c026f3f06566b935f97f8efd9a76c6449_ppc64le",
"product": {
"name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:68a13a7b385494c25e6af73f6b6b555c026f3f06566b935f97f8efd9a76c6449_ppc64le",
"product_id": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:68a13a7b385494c25e6af73f6b6b555c026f3f06566b935f97f8efd9a76c6449_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256:68a13a7b385494c25e6af73f6b6b555c026f3f06566b935f97f8efd9a76c6449?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-es-rollover-rhel8\u0026tag=1.17.9-4"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-ingester-rhel8@sha256:cf51d733170ac61077cea0b2a7970d92cc077d4ea731c7a9493af9665fd3cd5f_ppc64le",
"product": {
"name": "distributed-tracing/jaeger-ingester-rhel8@sha256:cf51d733170ac61077cea0b2a7970d92cc077d4ea731c7a9493af9665fd3cd5f_ppc64le",
"product_id": "distributed-tracing/jaeger-ingester-rhel8@sha256:cf51d733170ac61077cea0b2a7970d92cc077d4ea731c7a9493af9665fd3cd5f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256:cf51d733170ac61077cea0b2a7970d92cc077d4ea731c7a9493af9665fd3cd5f?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-ingester-rhel8\u0026tag=1.17.9-7"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-query-rhel8@sha256:1c5f7c95cda7e7220c158cb254ba24ad9a358caf364533cfeb6cfd02504a64bf_ppc64le",
"product": {
"name": "distributed-tracing/jaeger-query-rhel8@sha256:1c5f7c95cda7e7220c158cb254ba24ad9a358caf364533cfeb6cfd02504a64bf_ppc64le",
"product_id": "distributed-tracing/jaeger-query-rhel8@sha256:1c5f7c95cda7e7220c158cb254ba24ad9a358caf364533cfeb6cfd02504a64bf_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256:1c5f7c95cda7e7220c158cb254ba24ad9a358caf364533cfeb6cfd02504a64bf?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-query-rhel8\u0026tag=1.17.9-7"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-rhel8-operator@sha256:5c284ed14cc4cb17f075c28790fb295046cb212e35647390d0bfa00a63522146_ppc64le",
"product": {
"name": "distributed-tracing/jaeger-rhel8-operator@sha256:5c284ed14cc4cb17f075c28790fb295046cb212e35647390d0bfa00a63522146_ppc64le",
"product_id": "distributed-tracing/jaeger-rhel8-operator@sha256:5c284ed14cc4cb17f075c28790fb295046cb212e35647390d0bfa00a63522146_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256:5c284ed14cc4cb17f075c28790fb295046cb212e35647390d0bfa00a63522146?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-rhel8-operator\u0026tag=1.17.9-7"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-agent-rhel8@sha256:5230c70692537b4da57bb1ac5bc80810bdef4081f2e739172ed71f8368856afb_amd64 as a component of Red Hat OpenShift Jaeger 1.17",
"product_id": "8Base-JAEGER-1.17:distributed-tracing/jaeger-agent-rhel8@sha256:5230c70692537b4da57bb1ac5bc80810bdef4081f2e739172ed71f8368856afb_amd64"
},
"product_reference": "distributed-tracing/jaeger-agent-rhel8@sha256:5230c70692537b4da57bb1ac5bc80810bdef4081f2e739172ed71f8368856afb_amd64",
"relates_to_product_reference": "8Base-JAEGER-1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-agent-rhel8@sha256:83c39c6a9af8bc7a78c1f5015d8f3f98e4901f5e013e0e6c39611f96c10c005a_ppc64le as a component of Red Hat OpenShift Jaeger 1.17",
"product_id": "8Base-JAEGER-1.17:distributed-tracing/jaeger-agent-rhel8@sha256:83c39c6a9af8bc7a78c1f5015d8f3f98e4901f5e013e0e6c39611f96c10c005a_ppc64le"
},
"product_reference": "distributed-tracing/jaeger-agent-rhel8@sha256:83c39c6a9af8bc7a78c1f5015d8f3f98e4901f5e013e0e6c39611f96c10c005a_ppc64le",
"relates_to_product_reference": "8Base-JAEGER-1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-agent-rhel8@sha256:9d96dd8c0db9924a2b8e33d787cdbfe87f3c85f0d873b306ea443d719c3af55c_s390x as a component of Red Hat OpenShift Jaeger 1.17",
"product_id": "8Base-JAEGER-1.17:distributed-tracing/jaeger-agent-rhel8@sha256:9d96dd8c0db9924a2b8e33d787cdbfe87f3c85f0d873b306ea443d719c3af55c_s390x"
},
"product_reference": "distributed-tracing/jaeger-agent-rhel8@sha256:9d96dd8c0db9924a2b8e33d787cdbfe87f3c85f0d873b306ea443d719c3af55c_s390x",
"relates_to_product_reference": "8Base-JAEGER-1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:5327967e9f5e5d75c79e89fee1bc3f59873efd70b8c19202e74d2a460008defe_amd64 as a component of Red Hat OpenShift Jaeger 1.17",
"product_id": "8Base-JAEGER-1.17:distributed-tracing/jaeger-all-in-one-rhel8@sha256:5327967e9f5e5d75c79e89fee1bc3f59873efd70b8c19202e74d2a460008defe_amd64"
},
"product_reference": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:5327967e9f5e5d75c79e89fee1bc3f59873efd70b8c19202e74d2a460008defe_amd64",
"relates_to_product_reference": "8Base-JAEGER-1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:acb62df32ace2fd13bd5ce9874760d95d567d91bb110b26b19c596fb7d86fef1_ppc64le as a component of Red Hat OpenShift Jaeger 1.17",
"product_id": "8Base-JAEGER-1.17:distributed-tracing/jaeger-all-in-one-rhel8@sha256:acb62df32ace2fd13bd5ce9874760d95d567d91bb110b26b19c596fb7d86fef1_ppc64le"
},
"product_reference": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:acb62df32ace2fd13bd5ce9874760d95d567d91bb110b26b19c596fb7d86fef1_ppc64le",
"relates_to_product_reference": "8Base-JAEGER-1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:b585c3a9b824de0f51789a8fecf4a2f7bf9e168b6a3573250bf69d9f782b9bed_s390x as a component of Red Hat OpenShift Jaeger 1.17",
"product_id": "8Base-JAEGER-1.17:distributed-tracing/jaeger-all-in-one-rhel8@sha256:b585c3a9b824de0f51789a8fecf4a2f7bf9e168b6a3573250bf69d9f782b9bed_s390x"
},
"product_reference": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:b585c3a9b824de0f51789a8fecf4a2f7bf9e168b6a3573250bf69d9f782b9bed_s390x",
"relates_to_product_reference": "8Base-JAEGER-1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-collector-rhel8@sha256:324d5c7182e1edce237c884164ca5a5ad8766591ff1c6cc6613aa6b7ebb2646b_ppc64le as a component of Red Hat OpenShift Jaeger 1.17",
"product_id": "8Base-JAEGER-1.17:distributed-tracing/jaeger-collector-rhel8@sha256:324d5c7182e1edce237c884164ca5a5ad8766591ff1c6cc6613aa6b7ebb2646b_ppc64le"
},
"product_reference": "distributed-tracing/jaeger-collector-rhel8@sha256:324d5c7182e1edce237c884164ca5a5ad8766591ff1c6cc6613aa6b7ebb2646b_ppc64le",
"relates_to_product_reference": "8Base-JAEGER-1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-collector-rhel8@sha256:c17fb6a021f391948c0725f0a839684538f57805393f2123732db08fe5c32009_s390x as a component of Red Hat OpenShift Jaeger 1.17",
"product_id": "8Base-JAEGER-1.17:distributed-tracing/jaeger-collector-rhel8@sha256:c17fb6a021f391948c0725f0a839684538f57805393f2123732db08fe5c32009_s390x"
},
"product_reference": "distributed-tracing/jaeger-collector-rhel8@sha256:c17fb6a021f391948c0725f0a839684538f57805393f2123732db08fe5c32009_s390x",
"relates_to_product_reference": "8Base-JAEGER-1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-collector-rhel8@sha256:db34eb04544e03eb56bf606c95d19f79bbd7ec56bd8c500b49fa448718202c9c_amd64 as a component of Red Hat OpenShift Jaeger 1.17",
"product_id": "8Base-JAEGER-1.17:distributed-tracing/jaeger-collector-rhel8@sha256:db34eb04544e03eb56bf606c95d19f79bbd7ec56bd8c500b49fa448718202c9c_amd64"
},
"product_reference": "distributed-tracing/jaeger-collector-rhel8@sha256:db34eb04544e03eb56bf606c95d19f79bbd7ec56bd8c500b49fa448718202c9c_amd64",
"relates_to_product_reference": "8Base-JAEGER-1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:51c654d56bf087cb262d331857ca22fd25c4caea97d19e2f7492188303b0c952_s390x as a component of Red Hat OpenShift Jaeger 1.17",
"product_id": "8Base-JAEGER-1.17:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:51c654d56bf087cb262d331857ca22fd25c4caea97d19e2f7492188303b0c952_s390x"
},
"product_reference": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:51c654d56bf087cb262d331857ca22fd25c4caea97d19e2f7492188303b0c952_s390x",
"relates_to_product_reference": "8Base-JAEGER-1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:9ea14402c0626a90c5e2d4916d8aad2363e5bc9537ffa19bab940a8a49290217_ppc64le as a component of Red Hat OpenShift Jaeger 1.17",
"product_id": "8Base-JAEGER-1.17:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:9ea14402c0626a90c5e2d4916d8aad2363e5bc9537ffa19bab940a8a49290217_ppc64le"
},
"product_reference": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:9ea14402c0626a90c5e2d4916d8aad2363e5bc9537ffa19bab940a8a49290217_ppc64le",
"relates_to_product_reference": "8Base-JAEGER-1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:bbc2a4caa4458377ed2de14841178707da55589383e090b54c2b13c6a110bc81_amd64 as a component of Red Hat OpenShift Jaeger 1.17",
"product_id": "8Base-JAEGER-1.17:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:bbc2a4caa4458377ed2de14841178707da55589383e090b54c2b13c6a110bc81_amd64"
},
"product_reference": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:bbc2a4caa4458377ed2de14841178707da55589383e090b54c2b13c6a110bc81_amd64",
"relates_to_product_reference": "8Base-JAEGER-1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:68a13a7b385494c25e6af73f6b6b555c026f3f06566b935f97f8efd9a76c6449_ppc64le as a component of Red Hat OpenShift Jaeger 1.17",
"product_id": "8Base-JAEGER-1.17:distributed-tracing/jaeger-es-rollover-rhel8@sha256:68a13a7b385494c25e6af73f6b6b555c026f3f06566b935f97f8efd9a76c6449_ppc64le"
},
"product_reference": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:68a13a7b385494c25e6af73f6b6b555c026f3f06566b935f97f8efd9a76c6449_ppc64le",
"relates_to_product_reference": "8Base-JAEGER-1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:873fb90564825ff2d3f5881d6db14efb40f9195bee5908e35cf1352c8acc87a9_s390x as a component of Red Hat OpenShift Jaeger 1.17",
"product_id": "8Base-JAEGER-1.17:distributed-tracing/jaeger-es-rollover-rhel8@sha256:873fb90564825ff2d3f5881d6db14efb40f9195bee5908e35cf1352c8acc87a9_s390x"
},
"product_reference": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:873fb90564825ff2d3f5881d6db14efb40f9195bee5908e35cf1352c8acc87a9_s390x",
"relates_to_product_reference": "8Base-JAEGER-1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:9c4bc759b3194d5d93448efff4a7b1e60d077e49f1a2a7452da263e46813a35a_amd64 as a component of Red Hat OpenShift Jaeger 1.17",
"product_id": "8Base-JAEGER-1.17:distributed-tracing/jaeger-es-rollover-rhel8@sha256:9c4bc759b3194d5d93448efff4a7b1e60d077e49f1a2a7452da263e46813a35a_amd64"
},
"product_reference": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:9c4bc759b3194d5d93448efff4a7b1e60d077e49f1a2a7452da263e46813a35a_amd64",
"relates_to_product_reference": "8Base-JAEGER-1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-ingester-rhel8@sha256:582ff08b5c186cdc27b1d5a340c66a841b3ff10f5ee669f9135e5b9f0303d551_s390x as a component of Red Hat OpenShift Jaeger 1.17",
"product_id": "8Base-JAEGER-1.17:distributed-tracing/jaeger-ingester-rhel8@sha256:582ff08b5c186cdc27b1d5a340c66a841b3ff10f5ee669f9135e5b9f0303d551_s390x"
},
"product_reference": "distributed-tracing/jaeger-ingester-rhel8@sha256:582ff08b5c186cdc27b1d5a340c66a841b3ff10f5ee669f9135e5b9f0303d551_s390x",
"relates_to_product_reference": "8Base-JAEGER-1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-ingester-rhel8@sha256:81a58e46655d527624cbbba483639e76c21e819e4bf5c65a565d45af79c1832c_amd64 as a component of Red Hat OpenShift Jaeger 1.17",
"product_id": "8Base-JAEGER-1.17:distributed-tracing/jaeger-ingester-rhel8@sha256:81a58e46655d527624cbbba483639e76c21e819e4bf5c65a565d45af79c1832c_amd64"
},
"product_reference": "distributed-tracing/jaeger-ingester-rhel8@sha256:81a58e46655d527624cbbba483639e76c21e819e4bf5c65a565d45af79c1832c_amd64",
"relates_to_product_reference": "8Base-JAEGER-1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-ingester-rhel8@sha256:cf51d733170ac61077cea0b2a7970d92cc077d4ea731c7a9493af9665fd3cd5f_ppc64le as a component of Red Hat OpenShift Jaeger 1.17",
"product_id": "8Base-JAEGER-1.17:distributed-tracing/jaeger-ingester-rhel8@sha256:cf51d733170ac61077cea0b2a7970d92cc077d4ea731c7a9493af9665fd3cd5f_ppc64le"
},
"product_reference": "distributed-tracing/jaeger-ingester-rhel8@sha256:cf51d733170ac61077cea0b2a7970d92cc077d4ea731c7a9493af9665fd3cd5f_ppc64le",
"relates_to_product_reference": "8Base-JAEGER-1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-query-rhel8@sha256:0cc5eae19cab7732b61418212ce3564e948769240f9d2a4bcaa127afd986f968_s390x as a component of Red Hat OpenShift Jaeger 1.17",
"product_id": "8Base-JAEGER-1.17:distributed-tracing/jaeger-query-rhel8@sha256:0cc5eae19cab7732b61418212ce3564e948769240f9d2a4bcaa127afd986f968_s390x"
},
"product_reference": "distributed-tracing/jaeger-query-rhel8@sha256:0cc5eae19cab7732b61418212ce3564e948769240f9d2a4bcaa127afd986f968_s390x",
"relates_to_product_reference": "8Base-JAEGER-1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-query-rhel8@sha256:1c5f7c95cda7e7220c158cb254ba24ad9a358caf364533cfeb6cfd02504a64bf_ppc64le as a component of Red Hat OpenShift Jaeger 1.17",
"product_id": "8Base-JAEGER-1.17:distributed-tracing/jaeger-query-rhel8@sha256:1c5f7c95cda7e7220c158cb254ba24ad9a358caf364533cfeb6cfd02504a64bf_ppc64le"
},
"product_reference": "distributed-tracing/jaeger-query-rhel8@sha256:1c5f7c95cda7e7220c158cb254ba24ad9a358caf364533cfeb6cfd02504a64bf_ppc64le",
"relates_to_product_reference": "8Base-JAEGER-1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-query-rhel8@sha256:4c5ac9c1f7833ad630f2d5154100234e762c9e5d6f0118b17bb2efceb1d8a625_amd64 as a component of Red Hat OpenShift Jaeger 1.17",
"product_id": "8Base-JAEGER-1.17:distributed-tracing/jaeger-query-rhel8@sha256:4c5ac9c1f7833ad630f2d5154100234e762c9e5d6f0118b17bb2efceb1d8a625_amd64"
},
"product_reference": "distributed-tracing/jaeger-query-rhel8@sha256:4c5ac9c1f7833ad630f2d5154100234e762c9e5d6f0118b17bb2efceb1d8a625_amd64",
"relates_to_product_reference": "8Base-JAEGER-1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-rhel8-operator@sha256:57c5dd6f4bb187b4c96b482f6fda7f15d2110126c8f15430b46c2b4489a78384_amd64 as a component of Red Hat OpenShift Jaeger 1.17",
"product_id": "8Base-JAEGER-1.17:distributed-tracing/jaeger-rhel8-operator@sha256:57c5dd6f4bb187b4c96b482f6fda7f15d2110126c8f15430b46c2b4489a78384_amd64"
},
"product_reference": "distributed-tracing/jaeger-rhel8-operator@sha256:57c5dd6f4bb187b4c96b482f6fda7f15d2110126c8f15430b46c2b4489a78384_amd64",
"relates_to_product_reference": "8Base-JAEGER-1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-rhel8-operator@sha256:5c284ed14cc4cb17f075c28790fb295046cb212e35647390d0bfa00a63522146_ppc64le as a component of Red Hat OpenShift Jaeger 1.17",
"product_id": "8Base-JAEGER-1.17:distributed-tracing/jaeger-rhel8-operator@sha256:5c284ed14cc4cb17f075c28790fb295046cb212e35647390d0bfa00a63522146_ppc64le"
},
"product_reference": "distributed-tracing/jaeger-rhel8-operator@sha256:5c284ed14cc4cb17f075c28790fb295046cb212e35647390d0bfa00a63522146_ppc64le",
"relates_to_product_reference": "8Base-JAEGER-1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-rhel8-operator@sha256:7df80c3aa4d769c1e57c4b33503a5fb806d0f79fc31f6351e17da5d97306c243_s390x as a component of Red Hat OpenShift Jaeger 1.17",
"product_id": "8Base-JAEGER-1.17:distributed-tracing/jaeger-rhel8-operator@sha256:7df80c3aa4d769c1e57c4b33503a5fb806d0f79fc31f6351e17da5d97306c243_s390x"
},
"product_reference": "distributed-tracing/jaeger-rhel8-operator@sha256:7df80c3aa4d769c1e57c4b33503a5fb806d0f79fc31f6351e17da5d97306c243_s390x",
"relates_to_product_reference": "8Base-JAEGER-1.17"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-28362",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2020-11-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JAEGER-1.17:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:51c654d56bf087cb262d331857ca22fd25c4caea97d19e2f7492188303b0c952_s390x",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:9ea14402c0626a90c5e2d4916d8aad2363e5bc9537ffa19bab940a8a49290217_ppc64le",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:bbc2a4caa4458377ed2de14841178707da55589383e090b54c2b13c6a110bc81_amd64",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-es-rollover-rhel8@sha256:68a13a7b385494c25e6af73f6b6b555c026f3f06566b935f97f8efd9a76c6449_ppc64le",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-es-rollover-rhel8@sha256:873fb90564825ff2d3f5881d6db14efb40f9195bee5908e35cf1352c8acc87a9_s390x",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-es-rollover-rhel8@sha256:9c4bc759b3194d5d93448efff4a7b1e60d077e49f1a2a7452da263e46813a35a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1897635"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the math/big package of Go\u0027s standard library that causes a denial of service. Applications written in Go that use math/big via cryptographic packages, including crypto/rsa and crypto/x509, are vulnerable and can potentially cause panic via a crafted certificate chain. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: math/big: panic during recursive division of very large numbers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift ServiceMesh (OSSM) 1.1 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities because it is now in the Maintenance Phase of the support.\nOpenshift Virtualization 1 (formerly Container Native Virtualization) is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities.\n\nRed Hat Gluster Storage 3 shipped multi-cloud-object-gateway-cli and noobaa-operator container as a technical preview and is not currently planned to be addressed in future updates.\n\nOpenShift Container Platform (OCP) 4.5 and earlier are built with Go versions earlier than 1.14, which are not affected by this vulnerability. OCP 4.6 is built with Go 1.15 and is affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JAEGER-1.17:distributed-tracing/jaeger-agent-rhel8@sha256:5230c70692537b4da57bb1ac5bc80810bdef4081f2e739172ed71f8368856afb_amd64",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-agent-rhel8@sha256:83c39c6a9af8bc7a78c1f5015d8f3f98e4901f5e013e0e6c39611f96c10c005a_ppc64le",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-agent-rhel8@sha256:9d96dd8c0db9924a2b8e33d787cdbfe87f3c85f0d873b306ea443d719c3af55c_s390x",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-all-in-one-rhel8@sha256:5327967e9f5e5d75c79e89fee1bc3f59873efd70b8c19202e74d2a460008defe_amd64",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-all-in-one-rhel8@sha256:acb62df32ace2fd13bd5ce9874760d95d567d91bb110b26b19c596fb7d86fef1_ppc64le",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-all-in-one-rhel8@sha256:b585c3a9b824de0f51789a8fecf4a2f7bf9e168b6a3573250bf69d9f782b9bed_s390x",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-collector-rhel8@sha256:324d5c7182e1edce237c884164ca5a5ad8766591ff1c6cc6613aa6b7ebb2646b_ppc64le",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-collector-rhel8@sha256:c17fb6a021f391948c0725f0a839684538f57805393f2123732db08fe5c32009_s390x",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-collector-rhel8@sha256:db34eb04544e03eb56bf606c95d19f79bbd7ec56bd8c500b49fa448718202c9c_amd64",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-ingester-rhel8@sha256:582ff08b5c186cdc27b1d5a340c66a841b3ff10f5ee669f9135e5b9f0303d551_s390x",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-ingester-rhel8@sha256:81a58e46655d527624cbbba483639e76c21e819e4bf5c65a565d45af79c1832c_amd64",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-ingester-rhel8@sha256:cf51d733170ac61077cea0b2a7970d92cc077d4ea731c7a9493af9665fd3cd5f_ppc64le",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-query-rhel8@sha256:0cc5eae19cab7732b61418212ce3564e948769240f9d2a4bcaa127afd986f968_s390x",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-query-rhel8@sha256:1c5f7c95cda7e7220c158cb254ba24ad9a358caf364533cfeb6cfd02504a64bf_ppc64le",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-query-rhel8@sha256:4c5ac9c1f7833ad630f2d5154100234e762c9e5d6f0118b17bb2efceb1d8a625_amd64",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-rhel8-operator@sha256:57c5dd6f4bb187b4c96b482f6fda7f15d2110126c8f15430b46c2b4489a78384_amd64",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-rhel8-operator@sha256:5c284ed14cc4cb17f075c28790fb295046cb212e35647390d0bfa00a63522146_ppc64le",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-rhel8-operator@sha256:7df80c3aa4d769c1e57c4b33503a5fb806d0f79fc31f6351e17da5d97306c243_s390x"
],
"known_not_affected": [
"8Base-JAEGER-1.17:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:51c654d56bf087cb262d331857ca22fd25c4caea97d19e2f7492188303b0c952_s390x",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:9ea14402c0626a90c5e2d4916d8aad2363e5bc9537ffa19bab940a8a49290217_ppc64le",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:bbc2a4caa4458377ed2de14841178707da55589383e090b54c2b13c6a110bc81_amd64",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-es-rollover-rhel8@sha256:68a13a7b385494c25e6af73f6b6b555c026f3f06566b935f97f8efd9a76c6449_ppc64le",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-es-rollover-rhel8@sha256:873fb90564825ff2d3f5881d6db14efb40f9195bee5908e35cf1352c8acc87a9_s390x",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-es-rollover-rhel8@sha256:9c4bc759b3194d5d93448efff4a7b1e60d077e49f1a2a7452da263e46813a35a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-28362"
},
{
"category": "external",
"summary": "RHBZ#1897635",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1897635"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-28362",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28362"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28362",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28362"
}
],
"release_date": "2020-11-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-06-23T15:37:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/jaeger/jaeger_install/rhbjaeger-updating.html",
"product_ids": [
"8Base-JAEGER-1.17:distributed-tracing/jaeger-agent-rhel8@sha256:5230c70692537b4da57bb1ac5bc80810bdef4081f2e739172ed71f8368856afb_amd64",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-agent-rhel8@sha256:83c39c6a9af8bc7a78c1f5015d8f3f98e4901f5e013e0e6c39611f96c10c005a_ppc64le",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-agent-rhel8@sha256:9d96dd8c0db9924a2b8e33d787cdbfe87f3c85f0d873b306ea443d719c3af55c_s390x",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-all-in-one-rhel8@sha256:5327967e9f5e5d75c79e89fee1bc3f59873efd70b8c19202e74d2a460008defe_amd64",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-all-in-one-rhel8@sha256:acb62df32ace2fd13bd5ce9874760d95d567d91bb110b26b19c596fb7d86fef1_ppc64le",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-all-in-one-rhel8@sha256:b585c3a9b824de0f51789a8fecf4a2f7bf9e168b6a3573250bf69d9f782b9bed_s390x",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-collector-rhel8@sha256:324d5c7182e1edce237c884164ca5a5ad8766591ff1c6cc6613aa6b7ebb2646b_ppc64le",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-collector-rhel8@sha256:c17fb6a021f391948c0725f0a839684538f57805393f2123732db08fe5c32009_s390x",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-collector-rhel8@sha256:db34eb04544e03eb56bf606c95d19f79bbd7ec56bd8c500b49fa448718202c9c_amd64",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-ingester-rhel8@sha256:582ff08b5c186cdc27b1d5a340c66a841b3ff10f5ee669f9135e5b9f0303d551_s390x",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-ingester-rhel8@sha256:81a58e46655d527624cbbba483639e76c21e819e4bf5c65a565d45af79c1832c_amd64",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-ingester-rhel8@sha256:cf51d733170ac61077cea0b2a7970d92cc077d4ea731c7a9493af9665fd3cd5f_ppc64le",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-query-rhel8@sha256:0cc5eae19cab7732b61418212ce3564e948769240f9d2a4bcaa127afd986f968_s390x",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-query-rhel8@sha256:1c5f7c95cda7e7220c158cb254ba24ad9a358caf364533cfeb6cfd02504a64bf_ppc64le",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-query-rhel8@sha256:4c5ac9c1f7833ad630f2d5154100234e762c9e5d6f0118b17bb2efceb1d8a625_amd64",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-rhel8-operator@sha256:57c5dd6f4bb187b4c96b482f6fda7f15d2110126c8f15430b46c2b4489a78384_amd64",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-rhel8-operator@sha256:5c284ed14cc4cb17f075c28790fb295046cb212e35647390d0bfa00a63522146_ppc64le",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-rhel8-operator@sha256:7df80c3aa4d769c1e57c4b33503a5fb806d0f79fc31f6351e17da5d97306c243_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2532"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JAEGER-1.17:distributed-tracing/jaeger-agent-rhel8@sha256:5230c70692537b4da57bb1ac5bc80810bdef4081f2e739172ed71f8368856afb_amd64",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-agent-rhel8@sha256:83c39c6a9af8bc7a78c1f5015d8f3f98e4901f5e013e0e6c39611f96c10c005a_ppc64le",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-agent-rhel8@sha256:9d96dd8c0db9924a2b8e33d787cdbfe87f3c85f0d873b306ea443d719c3af55c_s390x",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-all-in-one-rhel8@sha256:5327967e9f5e5d75c79e89fee1bc3f59873efd70b8c19202e74d2a460008defe_amd64",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-all-in-one-rhel8@sha256:acb62df32ace2fd13bd5ce9874760d95d567d91bb110b26b19c596fb7d86fef1_ppc64le",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-all-in-one-rhel8@sha256:b585c3a9b824de0f51789a8fecf4a2f7bf9e168b6a3573250bf69d9f782b9bed_s390x",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-collector-rhel8@sha256:324d5c7182e1edce237c884164ca5a5ad8766591ff1c6cc6613aa6b7ebb2646b_ppc64le",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-collector-rhel8@sha256:c17fb6a021f391948c0725f0a839684538f57805393f2123732db08fe5c32009_s390x",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-collector-rhel8@sha256:db34eb04544e03eb56bf606c95d19f79bbd7ec56bd8c500b49fa448718202c9c_amd64",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:51c654d56bf087cb262d331857ca22fd25c4caea97d19e2f7492188303b0c952_s390x",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:9ea14402c0626a90c5e2d4916d8aad2363e5bc9537ffa19bab940a8a49290217_ppc64le",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:bbc2a4caa4458377ed2de14841178707da55589383e090b54c2b13c6a110bc81_amd64",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-es-rollover-rhel8@sha256:68a13a7b385494c25e6af73f6b6b555c026f3f06566b935f97f8efd9a76c6449_ppc64le",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-es-rollover-rhel8@sha256:873fb90564825ff2d3f5881d6db14efb40f9195bee5908e35cf1352c8acc87a9_s390x",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-es-rollover-rhel8@sha256:9c4bc759b3194d5d93448efff4a7b1e60d077e49f1a2a7452da263e46813a35a_amd64",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-ingester-rhel8@sha256:582ff08b5c186cdc27b1d5a340c66a841b3ff10f5ee669f9135e5b9f0303d551_s390x",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-ingester-rhel8@sha256:81a58e46655d527624cbbba483639e76c21e819e4bf5c65a565d45af79c1832c_amd64",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-ingester-rhel8@sha256:cf51d733170ac61077cea0b2a7970d92cc077d4ea731c7a9493af9665fd3cd5f_ppc64le",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-query-rhel8@sha256:0cc5eae19cab7732b61418212ce3564e948769240f9d2a4bcaa127afd986f968_s390x",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-query-rhel8@sha256:1c5f7c95cda7e7220c158cb254ba24ad9a358caf364533cfeb6cfd02504a64bf_ppc64le",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-query-rhel8@sha256:4c5ac9c1f7833ad630f2d5154100234e762c9e5d6f0118b17bb2efceb1d8a625_amd64",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-rhel8-operator@sha256:57c5dd6f4bb187b4c96b482f6fda7f15d2110126c8f15430b46c2b4489a78384_amd64",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-rhel8-operator@sha256:5c284ed14cc4cb17f075c28790fb295046cb212e35647390d0bfa00a63522146_ppc64le",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-rhel8-operator@sha256:7df80c3aa4d769c1e57c4b33503a5fb806d0f79fc31f6351e17da5d97306c243_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: math/big: panic during recursive division of very large numbers"
},
{
"cve": "CVE-2021-3114",
"cwe": {
"id": "CWE-682",
"name": "Incorrect Calculation"
},
"discovery_date": "2021-01-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JAEGER-1.17:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:51c654d56bf087cb262d331857ca22fd25c4caea97d19e2f7492188303b0c952_s390x",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:9ea14402c0626a90c5e2d4916d8aad2363e5bc9537ffa19bab940a8a49290217_ppc64le",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:bbc2a4caa4458377ed2de14841178707da55589383e090b54c2b13c6a110bc81_amd64",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-es-rollover-rhel8@sha256:68a13a7b385494c25e6af73f6b6b555c026f3f06566b935f97f8efd9a76c6449_ppc64le",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-es-rollover-rhel8@sha256:873fb90564825ff2d3f5881d6db14efb40f9195bee5908e35cf1352c8acc87a9_s390x",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-es-rollover-rhel8@sha256:9c4bc759b3194d5d93448efff4a7b1e60d077e49f1a2a7452da263e46813a35a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1918750"
}
],
"notes": [
{
"category": "description",
"text": "A flaw detected in golang: crypto/elliptic, in which P-224 keys as generated can return incorrect inputs, reducing the strength of the cryptography. The highest threat from this vulnerability is confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/elliptic: incorrect operations on the P-224 curve",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift ServiceMesh (OSSM) 1.1 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities because it is now in the Maintenance Phase of the support.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JAEGER-1.17:distributed-tracing/jaeger-agent-rhel8@sha256:5230c70692537b4da57bb1ac5bc80810bdef4081f2e739172ed71f8368856afb_amd64",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-agent-rhel8@sha256:83c39c6a9af8bc7a78c1f5015d8f3f98e4901f5e013e0e6c39611f96c10c005a_ppc64le",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-agent-rhel8@sha256:9d96dd8c0db9924a2b8e33d787cdbfe87f3c85f0d873b306ea443d719c3af55c_s390x",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-all-in-one-rhel8@sha256:5327967e9f5e5d75c79e89fee1bc3f59873efd70b8c19202e74d2a460008defe_amd64",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-all-in-one-rhel8@sha256:acb62df32ace2fd13bd5ce9874760d95d567d91bb110b26b19c596fb7d86fef1_ppc64le",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-all-in-one-rhel8@sha256:b585c3a9b824de0f51789a8fecf4a2f7bf9e168b6a3573250bf69d9f782b9bed_s390x",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-collector-rhel8@sha256:324d5c7182e1edce237c884164ca5a5ad8766591ff1c6cc6613aa6b7ebb2646b_ppc64le",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-collector-rhel8@sha256:c17fb6a021f391948c0725f0a839684538f57805393f2123732db08fe5c32009_s390x",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-collector-rhel8@sha256:db34eb04544e03eb56bf606c95d19f79bbd7ec56bd8c500b49fa448718202c9c_amd64",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-ingester-rhel8@sha256:582ff08b5c186cdc27b1d5a340c66a841b3ff10f5ee669f9135e5b9f0303d551_s390x",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-ingester-rhel8@sha256:81a58e46655d527624cbbba483639e76c21e819e4bf5c65a565d45af79c1832c_amd64",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-ingester-rhel8@sha256:cf51d733170ac61077cea0b2a7970d92cc077d4ea731c7a9493af9665fd3cd5f_ppc64le",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-query-rhel8@sha256:0cc5eae19cab7732b61418212ce3564e948769240f9d2a4bcaa127afd986f968_s390x",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-query-rhel8@sha256:1c5f7c95cda7e7220c158cb254ba24ad9a358caf364533cfeb6cfd02504a64bf_ppc64le",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-query-rhel8@sha256:4c5ac9c1f7833ad630f2d5154100234e762c9e5d6f0118b17bb2efceb1d8a625_amd64",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-rhel8-operator@sha256:57c5dd6f4bb187b4c96b482f6fda7f15d2110126c8f15430b46c2b4489a78384_amd64",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-rhel8-operator@sha256:5c284ed14cc4cb17f075c28790fb295046cb212e35647390d0bfa00a63522146_ppc64le",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-rhel8-operator@sha256:7df80c3aa4d769c1e57c4b33503a5fb806d0f79fc31f6351e17da5d97306c243_s390x"
],
"known_not_affected": [
"8Base-JAEGER-1.17:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:51c654d56bf087cb262d331857ca22fd25c4caea97d19e2f7492188303b0c952_s390x",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:9ea14402c0626a90c5e2d4916d8aad2363e5bc9537ffa19bab940a8a49290217_ppc64le",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:bbc2a4caa4458377ed2de14841178707da55589383e090b54c2b13c6a110bc81_amd64",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-es-rollover-rhel8@sha256:68a13a7b385494c25e6af73f6b6b555c026f3f06566b935f97f8efd9a76c6449_ppc64le",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-es-rollover-rhel8@sha256:873fb90564825ff2d3f5881d6db14efb40f9195bee5908e35cf1352c8acc87a9_s390x",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-es-rollover-rhel8@sha256:9c4bc759b3194d5d93448efff4a7b1e60d077e49f1a2a7452da263e46813a35a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3114"
},
{
"category": "external",
"summary": "RHBZ#1918750",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1918750"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3114",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3114"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3114",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3114"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/mperVMGa98w",
"url": "https://groups.google.com/g/golang-announce/c/mperVMGa98w"
}
],
"release_date": "2021-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-06-23T15:37:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/jaeger/jaeger_install/rhbjaeger-updating.html",
"product_ids": [
"8Base-JAEGER-1.17:distributed-tracing/jaeger-agent-rhel8@sha256:5230c70692537b4da57bb1ac5bc80810bdef4081f2e739172ed71f8368856afb_amd64",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-agent-rhel8@sha256:83c39c6a9af8bc7a78c1f5015d8f3f98e4901f5e013e0e6c39611f96c10c005a_ppc64le",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-agent-rhel8@sha256:9d96dd8c0db9924a2b8e33d787cdbfe87f3c85f0d873b306ea443d719c3af55c_s390x",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-all-in-one-rhel8@sha256:5327967e9f5e5d75c79e89fee1bc3f59873efd70b8c19202e74d2a460008defe_amd64",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-all-in-one-rhel8@sha256:acb62df32ace2fd13bd5ce9874760d95d567d91bb110b26b19c596fb7d86fef1_ppc64le",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-all-in-one-rhel8@sha256:b585c3a9b824de0f51789a8fecf4a2f7bf9e168b6a3573250bf69d9f782b9bed_s390x",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-collector-rhel8@sha256:324d5c7182e1edce237c884164ca5a5ad8766591ff1c6cc6613aa6b7ebb2646b_ppc64le",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-collector-rhel8@sha256:c17fb6a021f391948c0725f0a839684538f57805393f2123732db08fe5c32009_s390x",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-collector-rhel8@sha256:db34eb04544e03eb56bf606c95d19f79bbd7ec56bd8c500b49fa448718202c9c_amd64",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-ingester-rhel8@sha256:582ff08b5c186cdc27b1d5a340c66a841b3ff10f5ee669f9135e5b9f0303d551_s390x",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-ingester-rhel8@sha256:81a58e46655d527624cbbba483639e76c21e819e4bf5c65a565d45af79c1832c_amd64",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-ingester-rhel8@sha256:cf51d733170ac61077cea0b2a7970d92cc077d4ea731c7a9493af9665fd3cd5f_ppc64le",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-query-rhel8@sha256:0cc5eae19cab7732b61418212ce3564e948769240f9d2a4bcaa127afd986f968_s390x",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-query-rhel8@sha256:1c5f7c95cda7e7220c158cb254ba24ad9a358caf364533cfeb6cfd02504a64bf_ppc64le",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-query-rhel8@sha256:4c5ac9c1f7833ad630f2d5154100234e762c9e5d6f0118b17bb2efceb1d8a625_amd64",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-rhel8-operator@sha256:57c5dd6f4bb187b4c96b482f6fda7f15d2110126c8f15430b46c2b4489a78384_amd64",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-rhel8-operator@sha256:5c284ed14cc4cb17f075c28790fb295046cb212e35647390d0bfa00a63522146_ppc64le",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-rhel8-operator@sha256:7df80c3aa4d769c1e57c4b33503a5fb806d0f79fc31f6351e17da5d97306c243_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2532"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-JAEGER-1.17:distributed-tracing/jaeger-agent-rhel8@sha256:5230c70692537b4da57bb1ac5bc80810bdef4081f2e739172ed71f8368856afb_amd64",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-agent-rhel8@sha256:83c39c6a9af8bc7a78c1f5015d8f3f98e4901f5e013e0e6c39611f96c10c005a_ppc64le",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-agent-rhel8@sha256:9d96dd8c0db9924a2b8e33d787cdbfe87f3c85f0d873b306ea443d719c3af55c_s390x",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-all-in-one-rhel8@sha256:5327967e9f5e5d75c79e89fee1bc3f59873efd70b8c19202e74d2a460008defe_amd64",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-all-in-one-rhel8@sha256:acb62df32ace2fd13bd5ce9874760d95d567d91bb110b26b19c596fb7d86fef1_ppc64le",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-all-in-one-rhel8@sha256:b585c3a9b824de0f51789a8fecf4a2f7bf9e168b6a3573250bf69d9f782b9bed_s390x",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-collector-rhel8@sha256:324d5c7182e1edce237c884164ca5a5ad8766591ff1c6cc6613aa6b7ebb2646b_ppc64le",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-collector-rhel8@sha256:c17fb6a021f391948c0725f0a839684538f57805393f2123732db08fe5c32009_s390x",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-collector-rhel8@sha256:db34eb04544e03eb56bf606c95d19f79bbd7ec56bd8c500b49fa448718202c9c_amd64",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:51c654d56bf087cb262d331857ca22fd25c4caea97d19e2f7492188303b0c952_s390x",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:9ea14402c0626a90c5e2d4916d8aad2363e5bc9537ffa19bab940a8a49290217_ppc64le",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:bbc2a4caa4458377ed2de14841178707da55589383e090b54c2b13c6a110bc81_amd64",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-es-rollover-rhel8@sha256:68a13a7b385494c25e6af73f6b6b555c026f3f06566b935f97f8efd9a76c6449_ppc64le",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-es-rollover-rhel8@sha256:873fb90564825ff2d3f5881d6db14efb40f9195bee5908e35cf1352c8acc87a9_s390x",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-es-rollover-rhel8@sha256:9c4bc759b3194d5d93448efff4a7b1e60d077e49f1a2a7452da263e46813a35a_amd64",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-ingester-rhel8@sha256:582ff08b5c186cdc27b1d5a340c66a841b3ff10f5ee669f9135e5b9f0303d551_s390x",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-ingester-rhel8@sha256:81a58e46655d527624cbbba483639e76c21e819e4bf5c65a565d45af79c1832c_amd64",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-ingester-rhel8@sha256:cf51d733170ac61077cea0b2a7970d92cc077d4ea731c7a9493af9665fd3cd5f_ppc64le",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-query-rhel8@sha256:0cc5eae19cab7732b61418212ce3564e948769240f9d2a4bcaa127afd986f968_s390x",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-query-rhel8@sha256:1c5f7c95cda7e7220c158cb254ba24ad9a358caf364533cfeb6cfd02504a64bf_ppc64le",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-query-rhel8@sha256:4c5ac9c1f7833ad630f2d5154100234e762c9e5d6f0118b17bb2efceb1d8a625_amd64",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-rhel8-operator@sha256:57c5dd6f4bb187b4c96b482f6fda7f15d2110126c8f15430b46c2b4489a78384_amd64",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-rhel8-operator@sha256:5c284ed14cc4cb17f075c28790fb295046cb212e35647390d0bfa00a63522146_ppc64le",
"8Base-JAEGER-1.17:distributed-tracing/jaeger-rhel8-operator@sha256:7df80c3aa4d769c1e57c4b33503a5fb806d0f79fc31f6351e17da5d97306c243_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/elliptic: incorrect operations on the P-224 curve"
}
]
}
RHSA-2021:2543
Vulnerability from csaf_redhat - Published: 2021-06-24 15:19 - Updated: 2026-04-30 16:09Summary
Red Hat Security Advisory: Red Hat OpenShift Jaeger 1.20.4 security update
Severity
Moderate
Notes
Topic: An update is now available for Red Hat OpenShift Jaeger 1.20.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat OpenShift Jaeger is Red Hat's distribution of the Jaeger project,
tailored for installation into an on-premise OpenShift Container Platform
installation.
Security Fix(es):
* libthrift: potential DoS when processing untrusted payloads (CVE-2020-13949)
* golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)
* nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions (CVE-2020-28500)
* golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114)
* nodejs-lodash: command injection via template (CVE-2021-23337)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in libthrift. Applications using Thrift would not show an error upon receiving messages declaring containers of sizes larger than the payload. This results in malicious RPC clients with the ability to send short messages which would result in a large memory allocation, potentially leading to denial of service. The highest threat from this vulnerability is to system availability.
7.5 (High)
Affected products
Fixed
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64 | — |
Vendor Fix
fix
|
Known not affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64 | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64 | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x | — |
Threats
Impact
Important
A flaw was found in the math/big package of Go's standard library that causes a denial of service. Applications written in Go that use math/big via cryptographic packages, including crypto/rsa and crypto/x509, are vulnerable and can potentially cause panic via a crafted certificate chain. The highest threat from this vulnerability is to system availability.
7.5 (High)
Affected products
Fixed
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64 | — |
Vendor Fix
fix
|
Known not affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64 | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64 | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x | — |
Threats
Impact
Moderate
A flaw was found in nodejs-lodash. A Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions is possible.
5.3 (Medium)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x | — |
Vendor Fix
fix
|
Known not affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64 | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64 | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64 | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64 | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64 | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64 | — |
Threats
Impact
Moderate
A flaw detected in golang: crypto/elliptic, in which P-224 keys as generated can return incorrect inputs, reducing the strength of the cryptography. The highest threat from this vulnerability is confidentiality and integrity.
6.5 (Medium)
Affected products
Fixed
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64 | — |
Vendor Fix
fix
|
Known not affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64 | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64 | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x | — |
Threats
Impact
Moderate
A flaw was found in nodejs-lodash. A command injection flaw is possible through template variables.
7.2 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x | — |
Vendor Fix
fix
|
Known not affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64 | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64 | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64 | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64 | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64 | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64 | — |
Threats
Impact
Low
A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.
5.9 (Medium)
Affected products
Fixed
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
References
36 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat OpenShift Jaeger 1.20.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Jaeger is Red Hat\u0027s distribution of the Jaeger project,\ntailored for installation into an on-premise OpenShift Container Platform\ninstallation.\n\nSecurity Fix(es):\n\n* libthrift: potential DoS when processing untrusted payloads (CVE-2020-13949)\n\n* golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)\n\n* nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions (CVE-2020-28500)\n\n* golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114)\n\n* nodejs-lodash: command injection via template (CVE-2021-23337)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:2543",
"url": "https://access.redhat.com/errata/RHSA-2021:2543"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1897635",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1897635"
},
{
"category": "external",
"summary": "1918750",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1918750"
},
{
"category": "external",
"summary": "1928172",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928172"
},
{
"category": "external",
"summary": "1928937",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928937"
},
{
"category": "external",
"summary": "1928954",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928954"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_2543.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Jaeger 1.20.4 security update",
"tracking": {
"current_release_date": "2026-04-30T16:09:29+00:00",
"generator": {
"date": "2026-04-30T16:09:29+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHSA-2021:2543",
"initial_release_date": "2021-06-24T15:19:30+00:00",
"revision_history": [
{
"date": "2021-06-24T15:19:30+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-06-24T15:19:30+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-30T16:09:29+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Jaeger 1.20",
"product": {
"name": "Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jaeger:1.20::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Jaeger"
},
{
"branches": [
{
"category": "product_version",
"name": "distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"product": {
"name": "distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"product_id": "distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-agent-rhel8\u0026tag=1.20.4-18"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"product": {
"name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"product_id": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-all-in-one-rhel8\u0026tag=1.20.4-18"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"product": {
"name": "distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"product_id": "distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-collector-rhel8\u0026tag=1.20.4-18"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"product": {
"name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"product_id": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-es-index-cleaner-rhel8\u0026tag=1.20.4-7"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x",
"product": {
"name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x",
"product_id": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-es-rollover-rhel8\u0026tag=1.20.4-7"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"product": {
"name": "distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"product_id": "distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-ingester-rhel8\u0026tag=1.20.4-17"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"product": {
"name": "distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"product_id": "distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-query-rhel8\u0026tag=1.20.4-18"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"product": {
"name": "distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"product_id": "distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-rhel8-operator\u0026tag=1.20.4-18"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"product": {
"name": "distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"product_id": "distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-agent-rhel8\u0026tag=1.20.4-18"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"product": {
"name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"product_id": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-all-in-one-rhel8\u0026tag=1.20.4-18"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"product": {
"name": "distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"product_id": "distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-collector-rhel8\u0026tag=1.20.4-18"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"product": {
"name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"product_id": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-es-index-cleaner-rhel8\u0026tag=1.20.4-7"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"product": {
"name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"product_id": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-es-rollover-rhel8\u0026tag=1.20.4-7"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"product": {
"name": "distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"product_id": "distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-ingester-rhel8\u0026tag=1.20.4-17"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"product": {
"name": "distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"product_id": "distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-query-rhel8\u0026tag=1.20.4-18"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"product": {
"name": "distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"product_id": "distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-rhel8-operator\u0026tag=1.20.4-18"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"product": {
"name": "distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"product_id": "distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-agent-rhel8\u0026tag=1.20.4-18"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"product": {
"name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"product_id": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-all-in-one-rhel8\u0026tag=1.20.4-18"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"product": {
"name": "distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"product_id": "distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-collector-rhel8\u0026tag=1.20.4-18"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"product": {
"name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"product_id": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-es-index-cleaner-rhel8\u0026tag=1.20.4-7"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"product": {
"name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"product_id": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-es-rollover-rhel8\u0026tag=1.20.4-7"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"product": {
"name": "distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"product_id": "distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-ingester-rhel8\u0026tag=1.20.4-17"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"product": {
"name": "distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"product_id": "distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-query-rhel8\u0026tag=1.20.4-18"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64",
"product": {
"name": "distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64",
"product_id": "distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-rhel8-operator\u0026tag=1.20.4-18"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64 as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64"
},
"product_reference": "distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x"
},
"product_reference": "distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le"
},
"product_reference": "distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64 as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64"
},
"product_reference": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le"
},
"product_reference": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x"
},
"product_reference": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64 as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64"
},
"product_reference": "distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le"
},
"product_reference": "distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x"
},
"product_reference": "distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64 as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64"
},
"product_reference": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x"
},
"product_reference": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le"
},
"product_reference": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le"
},
"product_reference": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64 as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64"
},
"product_reference": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x"
},
"product_reference": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le"
},
"product_reference": "distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x"
},
"product_reference": "distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64 as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64"
},
"product_reference": "distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64 as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64"
},
"product_reference": "distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le"
},
"product_reference": "distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x"
},
"product_reference": "distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le"
},
"product_reference": "distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x"
},
"product_reference": "distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64 as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
},
"product_reference": "distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64",
"relates_to_product_reference": "8Base-JAEGER-1.20"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-13949",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-02-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1928172"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libthrift. Applications using Thrift would not show an error upon receiving messages declaring containers of sizes larger than the payload. This results in malicious RPC clients with the ability to send short messages which would result in a large memory allocation, potentially leading to denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libthrift: potential DoS when processing untrusted payloads",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* A vulnerable version of the libthrift library is delivered in listed OpenShift Container Platform (OCP) and OpenShift Jaeger (Jaeger) components, but the vulnerable code is not invoked, therefore these components are affected but with impact Moderate. \n\n* For Red Hat OpenStack, because the fix would require a substantial amount of development and OpenDaylight is deprecated in all future versions (RHOSP10 was in tech preview), no update will be provided at this time for the RHOSP libthrift package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
],
"known_not_affected": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-13949"
},
{
"category": "external",
"summary": "RHBZ#1928172",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928172"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-13949",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13949"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-13949",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13949"
}
],
"release_date": "2021-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-06-24T15:19:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/jaeger/jaeger_install/rhbjaeger-updating.html",
"product_ids": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2543"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libthrift: potential DoS when processing untrusted payloads"
},
{
"cve": "CVE-2020-28362",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2020-11-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1897635"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the math/big package of Go\u0027s standard library that causes a denial of service. Applications written in Go that use math/big via cryptographic packages, including crypto/rsa and crypto/x509, are vulnerable and can potentially cause panic via a crafted certificate chain. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: math/big: panic during recursive division of very large numbers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift ServiceMesh (OSSM) 1.1 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities because it is now in the Maintenance Phase of the support.\nOpenshift Virtualization 1 (formerly Container Native Virtualization) is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities.\n\nRed Hat Gluster Storage 3 shipped multi-cloud-object-gateway-cli and noobaa-operator container as a technical preview and is not currently planned to be addressed in future updates.\n\nOpenShift Container Platform (OCP) 4.5 and earlier are built with Go versions earlier than 1.14, which are not affected by this vulnerability. OCP 4.6 is built with Go 1.15 and is affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
],
"known_not_affected": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-28362"
},
{
"category": "external",
"summary": "RHBZ#1897635",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1897635"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-28362",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28362"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28362",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28362"
}
],
"release_date": "2020-11-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-06-24T15:19:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/jaeger/jaeger_install/rhbjaeger-updating.html",
"product_ids": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2543"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: math/big: panic during recursive division of very large numbers"
},
{
"cve": "CVE-2020-28500",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-02-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1928954"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-lodash. A Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions is possible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift ServiceMesh (OSSM) and Red Hat OpenShift Jaeger (RHOSJ) the affected containers are behind OpenShift OAuth authentication. This restricts access to the vulnerable nodejs-lodash library to authenticated users only, therefore the impact is low.\n\nWhile Red Hat Virtualization\u0027s cockpit-ovirt has a dependency on lodash it doesn\u0027t use the vulnerable toNumber, trim, or trimEnd functions.\n\nWhile Red Hat Quay has a dependency on lodash via restangular it doesn\u0027t use the vulnerable toNumber, trim, or trimEnd functions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x"
],
"known_not_affected": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-28500"
},
{
"category": "external",
"summary": "RHBZ#1928954",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928954"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-28500",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28500"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28500",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28500"
},
{
"category": "external",
"summary": "https://snyk.io/vuln/SNYK-JS-LODASH-1018905",
"url": "https://snyk.io/vuln/SNYK-JS-LODASH-1018905"
}
],
"release_date": "2021-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-06-24T15:19:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/jaeger/jaeger_install/rhbjaeger-updating.html",
"product_ids": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2543"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions"
},
{
"cve": "CVE-2021-3114",
"cwe": {
"id": "CWE-682",
"name": "Incorrect Calculation"
},
"discovery_date": "2021-01-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1918750"
}
],
"notes": [
{
"category": "description",
"text": "A flaw detected in golang: crypto/elliptic, in which P-224 keys as generated can return incorrect inputs, reducing the strength of the cryptography. The highest threat from this vulnerability is confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/elliptic: incorrect operations on the P-224 curve",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift ServiceMesh (OSSM) 1.1 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities because it is now in the Maintenance Phase of the support.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
],
"known_not_affected": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3114"
},
{
"category": "external",
"summary": "RHBZ#1918750",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1918750"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3114",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3114"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3114",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3114"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/mperVMGa98w",
"url": "https://groups.google.com/g/golang-announce/c/mperVMGa98w"
}
],
"release_date": "2021-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-06-24T15:19:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/jaeger/jaeger_install/rhbjaeger-updating.html",
"product_ids": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2543"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/elliptic: incorrect operations on the P-224 curve"
},
{
"cve": "CVE-2021-23337",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2021-02-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1928937"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-lodash. A command injection flaw is possible through template variables.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-lodash: command injection via template",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift ServiceMesh (OSSM) and Red Hat OpenShift Jaeger (RHOSJ) the affected containers are behind OpenShift OAuth authentication. This restricts access to the vulnerable nodejs-lodash library to authenticated users only, therefore the impact is low.\n\nWhile Red Hat Virtualization\u0027s cockpit-ovirt has a dependency on lodash it doesn\u0027t use the vulnerable template function.\n\nWhile Red Hat Quay has a dependency on lodash via restangular it doesn\u0027t use the vulnerable template function.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x"
],
"known_not_affected": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23337"
},
{
"category": "external",
"summary": "RHBZ#1928937",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928937"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23337"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23337",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23337"
},
{
"category": "external",
"summary": "https://snyk.io/vuln/SNYK-JS-LODASH-1040724",
"url": "https://snyk.io/vuln/SNYK-JS-LODASH-1040724"
}
],
"release_date": "2021-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-06-24T15:19:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/jaeger/jaeger_install/rhbjaeger-updating.html",
"product_ids": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2543"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-lodash: command injection via template"
},
{
"cve": "CVE-2021-31525",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2021-05-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1958341"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability potentially affects any component written in Go that uses net/http from the standard library. In OpenShift Container Platform (OCP), OpenShift Virtualization, OpenShift ServiceMesh (OSSM) and OpenShift distributed tracing (formerly OpenShift Jaeger), no server side component allows HTTP header values larger than 1 MB (the default), preventing this vulnerability from being exploited by malicious clients. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n* OpenShift Container Platform\n* OpenShift Virtualization \n* OpenShift ServiceMesh\n* OpenShift distributed tracing components.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-31525"
},
{
"category": "external",
"summary": "RHBZ#1958341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-31525",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31525"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc",
"url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc"
}
],
"release_date": "2021-04-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-06-24T15:19:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/jaeger/jaeger_install/rhbjaeger-updating.html",
"product_ids": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2543"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header"
}
]
}
SUSE-SU-2020:3368-1
Vulnerability from csaf_suse - Published: 2020-11-19 08:24 - Updated: 2020-11-19 08:24Summary
Security update for go1.15
Severity
Moderate
Notes
Title of the patch: Security update for go1.15
Description of the patch: This update for go1.15 fixes the following issues:
- go1.15.5 (released 2020-11-12) includes security fixes to the cmd/go and math/big packages.
* go#42553 math/big: panic during recursive division of very large numbers (bsc#1178750 CVE-2020-28362)
* go#42560 cmd/go: arbitrary code can be injected into cgo generated files (bsc#1178752 CVE-2020-28367)
* go#42557 cmd/go: improper validation of cgo flags can lead to remote code execution at build time (bsc#1178753 CVE-2020-28366)
* go#42169 cmd/compile, runtime, reflect: pointers to go:notinheap types must be stored indirectly in interfaces
* go#42151 cmd/cgo: opaque struct pointers are broken since Go 1.15.3
* go#42138 time: Location interprets wrong timezone (DST) with slim zoneinfo
* go#42113 x/net/http2: the first write error on a connection will cause all subsequent write requests to fail blindly
* go#41914 net/http: request.Clone doesn't deep copy TransferEncoding
* go#41704 runtime: macOS syscall.Exec can get SIGILL due to preemption signal
* go#41463 compress/flate: deflatefast produces corrupted output
* go#41387 x/net/http2: connection-level flow control not returned if stream errors, causes server hang
* go#40974 cmd/link: sectionForAddress(0xA9D67F) address not in any section file
Patchnames: SUSE-2020-3368,SUSE-SLE-Module-Development-Tools-15-SP1-2020-3368,SUSE-SLE-Module-Development-Tools-15-SP2-2020-3368
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-1.15.5-1.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-1.15.5-1.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-1.15.5-1.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-1.15.5-1.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-doc-1.15.5-1.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-doc-1.15.5-1.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-doc-1.15.5-1.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-doc-1.15.5-1.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.5-1.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.5-1.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.5-1.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.5-1.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.5-1.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.5-1.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.5-1.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.5-1.11.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-1.15.5-1.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-1.15.5-1.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-1.15.5-1.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-1.15.5-1.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-doc-1.15.5-1.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-doc-1.15.5-1.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-doc-1.15.5-1.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-doc-1.15.5-1.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.5-1.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.5-1.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.5-1.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.5-1.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.5-1.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.5-1.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.5-1.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.5-1.11.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-1.15.5-1.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-1.15.5-1.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-1.15.5-1.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-1.15.5-1.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-doc-1.15.5-1.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-doc-1.15.5-1.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-doc-1.15.5-1.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-doc-1.15.5-1.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.5-1.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.5-1.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.5-1.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.5-1.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.5-1.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.5-1.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.5-1.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.5-1.11.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
17 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for go1.15",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for go1.15 fixes the following issues:\n\n- go1.15.5 (released 2020-11-12) includes security fixes to the cmd/go and math/big packages.\n * go#42553 math/big: panic during recursive division of very large numbers (bsc#1178750 CVE-2020-28362)\n * go#42560 cmd/go: arbitrary code can be injected into cgo generated files (bsc#1178752 CVE-2020-28367)\n * go#42557 cmd/go: improper validation of cgo flags can lead to remote code execution at build time (bsc#1178753 CVE-2020-28366)\n * go#42169 cmd/compile, runtime, reflect: pointers to go:notinheap types must be stored indirectly in interfaces\n * go#42151 cmd/cgo: opaque struct pointers are broken since Go 1.15.3\n * go#42138 time: Location interprets wrong timezone (DST) with slim zoneinfo\n * go#42113 x/net/http2: the first write error on a connection will cause all subsequent write requests to fail blindly\n * go#41914 net/http: request.Clone doesn\u0027t deep copy TransferEncoding\n * go#41704 runtime: macOS syscall.Exec can get SIGILL due to preemption signal\n * go#41463 compress/flate: deflatefast produces corrupted output\n * go#41387 x/net/http2: connection-level flow control not returned if stream errors, causes server hang\n * go#40974 cmd/link: sectionForAddress(0xA9D67F) address not in any section file\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2020-3368,SUSE-SLE-Module-Development-Tools-15-SP1-2020-3368,SUSE-SLE-Module-Development-Tools-15-SP2-2020-3368",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_3368-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:3368-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203368-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:3368-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007806.html"
},
{
"category": "self",
"summary": "SUSE Bug 1175132",
"url": "https://bugzilla.suse.com/1175132"
},
{
"category": "self",
"summary": "SUSE Bug 1178750",
"url": "https://bugzilla.suse.com/1178750"
},
{
"category": "self",
"summary": "SUSE Bug 1178752",
"url": "https://bugzilla.suse.com/1178752"
},
{
"category": "self",
"summary": "SUSE Bug 1178753",
"url": "https://bugzilla.suse.com/1178753"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-28362 page",
"url": "https://www.suse.com/security/cve/CVE-2020-28362/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-28366 page",
"url": "https://www.suse.com/security/cve/CVE-2020-28366/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-28367 page",
"url": "https://www.suse.com/security/cve/CVE-2020-28367/"
}
],
"title": "Security update for go1.15",
"tracking": {
"current_release_date": "2020-11-19T08:24:49Z",
"generator": {
"date": "2020-11-19T08:24:49Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:3368-1",
"initial_release_date": "2020-11-19T08:24:49Z",
"revision_history": [
{
"date": "2020-11-19T08:24:49Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.15-1.15.5-1.11.1.aarch64",
"product": {
"name": "go1.15-1.15.5-1.11.1.aarch64",
"product_id": "go1.15-1.15.5-1.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.15-doc-1.15.5-1.11.1.aarch64",
"product": {
"name": "go1.15-doc-1.15.5-1.11.1.aarch64",
"product_id": "go1.15-doc-1.15.5-1.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.15-race-1.15.5-1.11.1.aarch64",
"product": {
"name": "go1.15-race-1.15.5-1.11.1.aarch64",
"product_id": "go1.15-race-1.15.5-1.11.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.15-1.15.5-1.11.1.i586",
"product": {
"name": "go1.15-1.15.5-1.11.1.i586",
"product_id": "go1.15-1.15.5-1.11.1.i586"
}
},
{
"category": "product_version",
"name": "go1.15-doc-1.15.5-1.11.1.i586",
"product": {
"name": "go1.15-doc-1.15.5-1.11.1.i586",
"product_id": "go1.15-doc-1.15.5-1.11.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.15-1.15.5-1.11.1.ppc64le",
"product": {
"name": "go1.15-1.15.5-1.11.1.ppc64le",
"product_id": "go1.15-1.15.5-1.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.15-doc-1.15.5-1.11.1.ppc64le",
"product": {
"name": "go1.15-doc-1.15.5-1.11.1.ppc64le",
"product_id": "go1.15-doc-1.15.5-1.11.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.15-1.15.5-1.11.1.s390x",
"product": {
"name": "go1.15-1.15.5-1.11.1.s390x",
"product_id": "go1.15-1.15.5-1.11.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.15-doc-1.15.5-1.11.1.s390x",
"product": {
"name": "go1.15-doc-1.15.5-1.11.1.s390x",
"product_id": "go1.15-doc-1.15.5-1.11.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.15-1.15.5-1.11.1.x86_64",
"product": {
"name": "go1.15-1.15.5-1.11.1.x86_64",
"product_id": "go1.15-1.15.5-1.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.15-doc-1.15.5-1.11.1.x86_64",
"product": {
"name": "go1.15-doc-1.15.5-1.11.1.x86_64",
"product_id": "go1.15-doc-1.15.5-1.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.15-race-1.15.5-1.11.1.x86_64",
"product": {
"name": "go1.15-race-1.15.5-1.11.1.x86_64",
"product_id": "go1.15-race-1.15.5-1.11.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-1.15.5-1.11.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-1.15.5-1.11.1.aarch64"
},
"product_reference": "go1.15-1.15.5-1.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-1.15.5-1.11.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-1.15.5-1.11.1.ppc64le"
},
"product_reference": "go1.15-1.15.5-1.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-1.15.5-1.11.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-1.15.5-1.11.1.s390x"
},
"product_reference": "go1.15-1.15.5-1.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-1.15.5-1.11.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-1.15.5-1.11.1.x86_64"
},
"product_reference": "go1.15-1.15.5-1.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-doc-1.15.5-1.11.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-doc-1.15.5-1.11.1.aarch64"
},
"product_reference": "go1.15-doc-1.15.5-1.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-doc-1.15.5-1.11.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-doc-1.15.5-1.11.1.ppc64le"
},
"product_reference": "go1.15-doc-1.15.5-1.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-doc-1.15.5-1.11.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-doc-1.15.5-1.11.1.s390x"
},
"product_reference": "go1.15-doc-1.15.5-1.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-doc-1.15.5-1.11.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-doc-1.15.5-1.11.1.x86_64"
},
"product_reference": "go1.15-doc-1.15.5-1.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-1.15.5-1.11.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.5-1.11.1.aarch64"
},
"product_reference": "go1.15-1.15.5-1.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-1.15.5-1.11.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.5-1.11.1.ppc64le"
},
"product_reference": "go1.15-1.15.5-1.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-1.15.5-1.11.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.5-1.11.1.s390x"
},
"product_reference": "go1.15-1.15.5-1.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-1.15.5-1.11.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.5-1.11.1.x86_64"
},
"product_reference": "go1.15-1.15.5-1.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-doc-1.15.5-1.11.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.5-1.11.1.aarch64"
},
"product_reference": "go1.15-doc-1.15.5-1.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-doc-1.15.5-1.11.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.5-1.11.1.ppc64le"
},
"product_reference": "go1.15-doc-1.15.5-1.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-doc-1.15.5-1.11.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.5-1.11.1.s390x"
},
"product_reference": "go1.15-doc-1.15.5-1.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-doc-1.15.5-1.11.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.5-1.11.1.x86_64"
},
"product_reference": "go1.15-doc-1.15.5-1.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-28362",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-28362"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-1.15.5-1.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-1.15.5-1.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-1.15.5-1.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-1.15.5-1.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-doc-1.15.5-1.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-doc-1.15.5-1.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-doc-1.15.5-1.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-doc-1.15.5-1.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.5-1.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.5-1.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.5-1.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.5-1.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.5-1.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.5-1.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.5-1.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.5-1.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-28362",
"url": "https://www.suse.com/security/cve/CVE-2020-28362"
},
{
"category": "external",
"summary": "SUSE Bug 1178750 for CVE-2020-28362",
"url": "https://bugzilla.suse.com/1178750"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-1.15.5-1.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-1.15.5-1.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-1.15.5-1.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-1.15.5-1.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-doc-1.15.5-1.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-doc-1.15.5-1.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-doc-1.15.5-1.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-doc-1.15.5-1.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.5-1.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.5-1.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.5-1.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.5-1.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.5-1.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.5-1.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.5-1.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.5-1.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-1.15.5-1.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-1.15.5-1.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-1.15.5-1.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-1.15.5-1.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-doc-1.15.5-1.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-doc-1.15.5-1.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-doc-1.15.5-1.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-doc-1.15.5-1.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.5-1.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.5-1.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.5-1.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.5-1.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.5-1.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.5-1.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.5-1.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.5-1.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-19T08:24:49Z",
"details": "important"
}
],
"title": "CVE-2020-28362"
},
{
"cve": "CVE-2020-28366",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-28366"
}
],
"notes": [
{
"category": "general",
"text": "Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-1.15.5-1.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-1.15.5-1.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-1.15.5-1.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-1.15.5-1.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-doc-1.15.5-1.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-doc-1.15.5-1.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-doc-1.15.5-1.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-doc-1.15.5-1.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.5-1.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.5-1.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.5-1.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.5-1.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.5-1.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.5-1.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.5-1.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.5-1.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-28366",
"url": "https://www.suse.com/security/cve/CVE-2020-28366"
},
{
"category": "external",
"summary": "SUSE Bug 1178753 for CVE-2020-28366",
"url": "https://bugzilla.suse.com/1178753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-1.15.5-1.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-1.15.5-1.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-1.15.5-1.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-1.15.5-1.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-doc-1.15.5-1.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-doc-1.15.5-1.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-doc-1.15.5-1.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-doc-1.15.5-1.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.5-1.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.5-1.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.5-1.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.5-1.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.5-1.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.5-1.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.5-1.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.5-1.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-1.15.5-1.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-1.15.5-1.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-1.15.5-1.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-1.15.5-1.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-doc-1.15.5-1.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-doc-1.15.5-1.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-doc-1.15.5-1.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-doc-1.15.5-1.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.5-1.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.5-1.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.5-1.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.5-1.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.5-1.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.5-1.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.5-1.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.5-1.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-19T08:24:49Z",
"details": "important"
}
],
"title": "CVE-2020-28366"
},
{
"cve": "CVE-2020-28367",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-28367"
}
],
"notes": [
{
"category": "general",
"text": "Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-1.15.5-1.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-1.15.5-1.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-1.15.5-1.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-1.15.5-1.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-doc-1.15.5-1.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-doc-1.15.5-1.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-doc-1.15.5-1.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-doc-1.15.5-1.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.5-1.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.5-1.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.5-1.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.5-1.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.5-1.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.5-1.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.5-1.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.5-1.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-28367",
"url": "https://www.suse.com/security/cve/CVE-2020-28367"
},
{
"category": "external",
"summary": "SUSE Bug 1178752 for CVE-2020-28367",
"url": "https://bugzilla.suse.com/1178752"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-1.15.5-1.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-1.15.5-1.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-1.15.5-1.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-1.15.5-1.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-doc-1.15.5-1.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-doc-1.15.5-1.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-doc-1.15.5-1.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-doc-1.15.5-1.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.5-1.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.5-1.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.5-1.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.5-1.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.5-1.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.5-1.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.5-1.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.5-1.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-1.15.5-1.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-1.15.5-1.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-1.15.5-1.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-1.15.5-1.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-doc-1.15.5-1.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-doc-1.15.5-1.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-doc-1.15.5-1.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.15-doc-1.15.5-1.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.5-1.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.5-1.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.5-1.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.5-1.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.5-1.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.5-1.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.5-1.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.5-1.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-19T08:24:49Z",
"details": "important"
}
],
"title": "CVE-2020-28367"
}
]
}
SUSE-SU-2020:3369-1
Vulnerability from csaf_suse - Published: 2020-11-19 08:26 - Updated: 2020-11-19 08:26Summary
Security update for go1.14
Severity
Moderate
Notes
Title of the patch: Security update for go1.14
Description of the patch: This update for go1.14 fixes the following issues:
- go1.14.12 (released 2020-11-12) includes security fixes to the cmd/go and math/big packages.
* go#42553 math/big: panic during recursive division of very large numbers (bsc#1178750 CVE-2020-28362)
* go#42560 cmd/go: arbitrary code can be injected into cgo generated files (bsc#1178752 CVE-2020-28367)
* go#42557 cmd/go: improper validation of cgo flags can lead to remote code execution at build time (bsc#1178753 CVE-2020-28366)
* go#42155 time: Location interprets wrong timezone (DST) with slim zoneinfo
* go#42112 x/net/http2: the first write error on a connection will cause all subsequent write requests to fail blindly
* go#41991 runtime: macOS-only segfault on 1.14+ with 'split stack overflow'
* go#41913 net/http: request.Clone doesn't deep copy TransferEncoding
* go#41703 runtime: macOS syscall.Exec can get SIGILL due to preemption signal
* go#41386 x/net/http2: connection-level flow control not returned if stream errors, causes server hang
Patchnames: SUSE-2020-3369,SUSE-SLE-Module-Development-Tools-15-SP1-2020-3369,SUSE-SLE-Module-Development-Tools-15-SP2-2020-3369
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.12-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.12-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.12-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.12-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.12-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.12-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.12-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.12-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.12-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.12-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.12-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.12-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.12-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.12-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.12-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.12-1.26.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.12-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.12-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.12-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.12-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.12-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.12-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.12-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.12-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.12-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.12-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.12-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.12-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.12-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.12-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.12-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.12-1.26.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.12-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.12-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.12-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.12-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.12-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.12-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.12-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.12-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.12-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.12-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.12-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.12-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.12-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.12-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.12-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.12-1.26.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
17 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for go1.14",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for go1.14 fixes the following issues:\n\n- go1.14.12 (released 2020-11-12) includes security fixes to the cmd/go and math/big packages.\n * go#42553 math/big: panic during recursive division of very large numbers (bsc#1178750 CVE-2020-28362)\n * go#42560 cmd/go: arbitrary code can be injected into cgo generated files (bsc#1178752 CVE-2020-28367)\n * go#42557 cmd/go: improper validation of cgo flags can lead to remote code execution at build time (bsc#1178753 CVE-2020-28366)\n * go#42155 time: Location interprets wrong timezone (DST) with slim zoneinfo\n * go#42112 x/net/http2: the first write error on a connection will cause all subsequent write requests to fail blindly\n * go#41991 runtime: macOS-only segfault on 1.14+ with \u0027split stack overflow\u0027\n * go#41913 net/http: request.Clone doesn\u0027t deep copy TransferEncoding\n * go#41703 runtime: macOS syscall.Exec can get SIGILL due to preemption signal\n * go#41386 x/net/http2: connection-level flow control not returned if stream errors, causes server hang\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2020-3369,SUSE-SLE-Module-Development-Tools-15-SP1-2020-3369,SUSE-SLE-Module-Development-Tools-15-SP2-2020-3369",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_3369-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:3369-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203369-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:3369-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007807.html"
},
{
"category": "self",
"summary": "SUSE Bug 1164903",
"url": "https://bugzilla.suse.com/1164903"
},
{
"category": "self",
"summary": "SUSE Bug 1178750",
"url": "https://bugzilla.suse.com/1178750"
},
{
"category": "self",
"summary": "SUSE Bug 1178752",
"url": "https://bugzilla.suse.com/1178752"
},
{
"category": "self",
"summary": "SUSE Bug 1178753",
"url": "https://bugzilla.suse.com/1178753"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-28362 page",
"url": "https://www.suse.com/security/cve/CVE-2020-28362/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-28366 page",
"url": "https://www.suse.com/security/cve/CVE-2020-28366/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-28367 page",
"url": "https://www.suse.com/security/cve/CVE-2020-28367/"
}
],
"title": "Security update for go1.14",
"tracking": {
"current_release_date": "2020-11-19T08:26:22Z",
"generator": {
"date": "2020-11-19T08:26:22Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:3369-1",
"initial_release_date": "2020-11-19T08:26:22Z",
"revision_history": [
{
"date": "2020-11-19T08:26:22Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.14-1.14.12-1.26.1.aarch64",
"product": {
"name": "go1.14-1.14.12-1.26.1.aarch64",
"product_id": "go1.14-1.14.12-1.26.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.14-doc-1.14.12-1.26.1.aarch64",
"product": {
"name": "go1.14-doc-1.14.12-1.26.1.aarch64",
"product_id": "go1.14-doc-1.14.12-1.26.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.14-race-1.14.12-1.26.1.aarch64",
"product": {
"name": "go1.14-race-1.14.12-1.26.1.aarch64",
"product_id": "go1.14-race-1.14.12-1.26.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.14-1.14.12-1.26.1.i586",
"product": {
"name": "go1.14-1.14.12-1.26.1.i586",
"product_id": "go1.14-1.14.12-1.26.1.i586"
}
},
{
"category": "product_version",
"name": "go1.14-doc-1.14.12-1.26.1.i586",
"product": {
"name": "go1.14-doc-1.14.12-1.26.1.i586",
"product_id": "go1.14-doc-1.14.12-1.26.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.14-1.14.12-1.26.1.ppc64le",
"product": {
"name": "go1.14-1.14.12-1.26.1.ppc64le",
"product_id": "go1.14-1.14.12-1.26.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.14-doc-1.14.12-1.26.1.ppc64le",
"product": {
"name": "go1.14-doc-1.14.12-1.26.1.ppc64le",
"product_id": "go1.14-doc-1.14.12-1.26.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.14-1.14.12-1.26.1.s390x",
"product": {
"name": "go1.14-1.14.12-1.26.1.s390x",
"product_id": "go1.14-1.14.12-1.26.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.14-doc-1.14.12-1.26.1.s390x",
"product": {
"name": "go1.14-doc-1.14.12-1.26.1.s390x",
"product_id": "go1.14-doc-1.14.12-1.26.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.14-1.14.12-1.26.1.x86_64",
"product": {
"name": "go1.14-1.14.12-1.26.1.x86_64",
"product_id": "go1.14-1.14.12-1.26.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.14-doc-1.14.12-1.26.1.x86_64",
"product": {
"name": "go1.14-doc-1.14.12-1.26.1.x86_64",
"product_id": "go1.14-doc-1.14.12-1.26.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.14-race-1.14.12-1.26.1.x86_64",
"product": {
"name": "go1.14-race-1.14.12-1.26.1.x86_64",
"product_id": "go1.14-race-1.14.12-1.26.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.14-1.14.12-1.26.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.12-1.26.1.aarch64"
},
"product_reference": "go1.14-1.14.12-1.26.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.14-1.14.12-1.26.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.12-1.26.1.ppc64le"
},
"product_reference": "go1.14-1.14.12-1.26.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.14-1.14.12-1.26.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.12-1.26.1.s390x"
},
"product_reference": "go1.14-1.14.12-1.26.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.14-1.14.12-1.26.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.12-1.26.1.x86_64"
},
"product_reference": "go1.14-1.14.12-1.26.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.14-doc-1.14.12-1.26.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.12-1.26.1.aarch64"
},
"product_reference": "go1.14-doc-1.14.12-1.26.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.14-doc-1.14.12-1.26.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.12-1.26.1.ppc64le"
},
"product_reference": "go1.14-doc-1.14.12-1.26.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.14-doc-1.14.12-1.26.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.12-1.26.1.s390x"
},
"product_reference": "go1.14-doc-1.14.12-1.26.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.14-doc-1.14.12-1.26.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.12-1.26.1.x86_64"
},
"product_reference": "go1.14-doc-1.14.12-1.26.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.14-1.14.12-1.26.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.12-1.26.1.aarch64"
},
"product_reference": "go1.14-1.14.12-1.26.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.14-1.14.12-1.26.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.12-1.26.1.ppc64le"
},
"product_reference": "go1.14-1.14.12-1.26.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.14-1.14.12-1.26.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.12-1.26.1.s390x"
},
"product_reference": "go1.14-1.14.12-1.26.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.14-1.14.12-1.26.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.12-1.26.1.x86_64"
},
"product_reference": "go1.14-1.14.12-1.26.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.14-doc-1.14.12-1.26.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.12-1.26.1.aarch64"
},
"product_reference": "go1.14-doc-1.14.12-1.26.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.14-doc-1.14.12-1.26.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.12-1.26.1.ppc64le"
},
"product_reference": "go1.14-doc-1.14.12-1.26.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.14-doc-1.14.12-1.26.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.12-1.26.1.s390x"
},
"product_reference": "go1.14-doc-1.14.12-1.26.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.14-doc-1.14.12-1.26.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.12-1.26.1.x86_64"
},
"product_reference": "go1.14-doc-1.14.12-1.26.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-28362",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-28362"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.12-1.26.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.12-1.26.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.12-1.26.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.12-1.26.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.12-1.26.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.12-1.26.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.12-1.26.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.12-1.26.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.12-1.26.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.12-1.26.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.12-1.26.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.12-1.26.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.12-1.26.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.12-1.26.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.12-1.26.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.12-1.26.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-28362",
"url": "https://www.suse.com/security/cve/CVE-2020-28362"
},
{
"category": "external",
"summary": "SUSE Bug 1178750 for CVE-2020-28362",
"url": "https://bugzilla.suse.com/1178750"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.12-1.26.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.12-1.26.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.12-1.26.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.12-1.26.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.12-1.26.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.12-1.26.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.12-1.26.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.12-1.26.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.12-1.26.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.12-1.26.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.12-1.26.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.12-1.26.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.12-1.26.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.12-1.26.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.12-1.26.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.12-1.26.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.12-1.26.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.12-1.26.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.12-1.26.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.12-1.26.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.12-1.26.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.12-1.26.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.12-1.26.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.12-1.26.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.12-1.26.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.12-1.26.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.12-1.26.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.12-1.26.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.12-1.26.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.12-1.26.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.12-1.26.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.12-1.26.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-19T08:26:22Z",
"details": "important"
}
],
"title": "CVE-2020-28362"
},
{
"cve": "CVE-2020-28366",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-28366"
}
],
"notes": [
{
"category": "general",
"text": "Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.12-1.26.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.12-1.26.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.12-1.26.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.12-1.26.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.12-1.26.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.12-1.26.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.12-1.26.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.12-1.26.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.12-1.26.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.12-1.26.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.12-1.26.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.12-1.26.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.12-1.26.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.12-1.26.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.12-1.26.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.12-1.26.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-28366",
"url": "https://www.suse.com/security/cve/CVE-2020-28366"
},
{
"category": "external",
"summary": "SUSE Bug 1178753 for CVE-2020-28366",
"url": "https://bugzilla.suse.com/1178753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.12-1.26.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.12-1.26.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.12-1.26.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.12-1.26.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.12-1.26.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.12-1.26.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.12-1.26.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.12-1.26.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.12-1.26.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.12-1.26.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.12-1.26.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.12-1.26.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.12-1.26.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.12-1.26.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.12-1.26.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.12-1.26.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.12-1.26.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.12-1.26.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.12-1.26.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.12-1.26.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.12-1.26.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.12-1.26.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.12-1.26.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.12-1.26.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.12-1.26.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.12-1.26.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.12-1.26.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.12-1.26.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.12-1.26.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.12-1.26.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.12-1.26.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.12-1.26.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-19T08:26:22Z",
"details": "important"
}
],
"title": "CVE-2020-28366"
},
{
"cve": "CVE-2020-28367",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-28367"
}
],
"notes": [
{
"category": "general",
"text": "Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.12-1.26.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.12-1.26.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.12-1.26.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.12-1.26.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.12-1.26.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.12-1.26.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.12-1.26.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.12-1.26.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.12-1.26.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.12-1.26.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.12-1.26.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.12-1.26.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.12-1.26.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.12-1.26.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.12-1.26.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.12-1.26.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-28367",
"url": "https://www.suse.com/security/cve/CVE-2020-28367"
},
{
"category": "external",
"summary": "SUSE Bug 1178752 for CVE-2020-28367",
"url": "https://bugzilla.suse.com/1178752"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.12-1.26.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.12-1.26.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.12-1.26.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.12-1.26.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.12-1.26.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.12-1.26.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.12-1.26.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.12-1.26.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.12-1.26.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.12-1.26.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.12-1.26.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.12-1.26.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.12-1.26.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.12-1.26.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.12-1.26.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.12-1.26.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.12-1.26.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.12-1.26.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.12-1.26.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-1.14.12-1.26.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.12-1.26.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.12-1.26.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.12-1.26.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP1:go1.14-doc-1.14.12-1.26.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.12-1.26.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.12-1.26.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.12-1.26.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-1.14.12-1.26.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.12-1.26.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.12-1.26.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.12-1.26.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.14-doc-1.14.12-1.26.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-19T08:26:22Z",
"details": "important"
}
],
"title": "CVE-2020-28367"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…