CVE-2021-43138 (GCVE-0-2021-43138)
Vulnerability from cvelistv5 – Published: 2022-04-06 00:00 – Updated: 2024-08-04 03:47- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:47:13.575Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/caolan/async/blob/master/lib/internal/iterator.js"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/caolan/async/blob/master/lib/mapValuesLimit.js"
},
{
"tags": [
"x_transferred"
],
"url": "https://jsfiddle.net/oz5twjd9/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/caolan/async/commit/e1ecdbf79264f9ab488c7799f4c76996d5dca66d"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md#v264"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/caolan/async/pull/1828"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/caolan/async/compare/v2.6.3...v2.6.4"
},
{
"name": "FEDORA-2023-ce8943223c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTEUUTNIEBHGKUKKLNUZSV7IEP6IP3Q3/"
},
{
"name": "FEDORA-2023-18fd476362",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UM6XJ73Q3NAM5KSGCOKJ2ZIA6GUWUJLK/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T19:07:23.908Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/caolan/async/blob/master/lib/internal/iterator.js"
},
{
"url": "https://github.com/caolan/async/blob/master/lib/mapValuesLimit.js"
},
{
"url": "https://jsfiddle.net/oz5twjd9/"
},
{
"url": "https://github.com/caolan/async/commit/e1ecdbf79264f9ab488c7799f4c76996d5dca66d"
},
{
"url": "https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md#v264"
},
{
"url": "https://github.com/caolan/async/pull/1828"
},
{
"url": "https://github.com/caolan/async/compare/v2.6.3...v2.6.4"
},
{
"name": "FEDORA-2023-ce8943223c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTEUUTNIEBHGKUKKLNUZSV7IEP6IP3Q3/"
},
{
"name": "FEDORA-2023-18fd476362",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UM6XJ73Q3NAM5KSGCOKJ2ZIA6GUWUJLK/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-43138",
"datePublished": "2022-04-06T00:00:00.000Z",
"dateReserved": "2021-11-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:47:13.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-43138",
"date": "2026-06-05",
"epss": "0.00657",
"percentile": "0.71473"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-43138\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-04-06T17:15:08.650\",\"lastModified\":\"2024-11-21T06:28:43.393\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.\"},{\"lang\":\"es\",\"value\":\"En Async antes de la versi\u00f3n 2.6.4 y 3.x antes de la versi\u00f3n 3.2.2, un usuario malicioso puede obtener privilegios a trav\u00e9s del m\u00e9todo mapValues(), tambi\u00e9n conocido como contaminaci\u00f3n del prototipo lib/internal/iterator.js createObjectIterator\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1321\"}]}],\"configurations
\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:async_project:async:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.6.4\",\"matchCriteriaId\":\"B72E3857-6DDB-46B0-BC63-3D946C7C5022\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:async_project:async:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndExcluding\":\"3.2.2\",\"matchCriteriaId\":\"213DEB60-8A87-402F-B27F-7DE272760E8D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"}]}]}],\"references\":[{\"url\":\"https://github.com/caolan/async/blob/master/lib/internal/iterator.js\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/caolan/async/blob/master/lib/mapValuesLimit.js\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md#v264\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/caolan/async/commit/e1ecdbf79264f9ab488c7799f4c76996d5dca66d\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/caolan/async/compare/v2.6.3...v2.6.4\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/caolan/async/pull/1828\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://jsfiddle.net/oz5twjd9/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party 
Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTEUUTNIEBHGKUKKLNUZSV7IEP6IP3Q3/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UM6XJ73Q3NAM5KSGCOKJ2ZIA6GUWUJLK/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20240621-0006/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/caolan/async/blob/master/lib/internal/iterator.js\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/caolan/async/blob/master/lib/mapValuesLimit.js\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md#v264\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/caolan/async/commit/e1ecdbf79264f9ab488c7799f4c76996d5dca66d\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/caolan/async/compare/v2.6.3...v2.6.4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/caolan/async/pull/1828\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://jsfiddle.net/oz5twjd9/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party 
Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTEUUTNIEBHGKUKKLNUZSV7IEP6IP3Q3/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UM6XJ73Q3NAM5KSGCOKJ2ZIA6GUWUJLK/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20240621-0006/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
GHSA-FWR7-V2MV-HH25
Vulnerability from github – Published: 2022-04-07 00:00 – Updated: 2024-06-24 21:23

A vulnerability exists in Async through 3.2.1 for 3.x and through 2.6.3 for 2.x (fixed in 3.2.2 and 2.6.4), which could let a malicious user obtain privileges via the mapValues() method.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "async"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.2.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "async"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.6.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-43138"
],
"database_specific": {
"cwe_ids": [
"CWE-1321"
],
"github_reviewed": true,
"github_reviewed_at": "2022-04-07T22:13:35Z",
"nvd_published_at": "2022-04-06T17:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability exists in Async through 3.2.1 for 3.x and through 2.6.3 for 2.x (fixed in 3.2.2 and 2.6.4), which could let a malicious user obtain privileges via the `mapValues()` method.",
"id": "GHSA-fwr7-v2mv-hh25",
"modified": "2024-06-24T21:23:09Z",
"published": "2022-04-07T00:00:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43138"
},
{
"type": "WEB",
"url": "https://github.com/caolan/async/pull/1828"
},
{
"type": "WEB",
"url": "https://github.com/caolan/async/commit/8f7f90342a6571ba1c197d747ebed30c368096d2"
},
{
"type": "WEB",
"url": "https://github.com/caolan/async/commit/e1ecdbf79264f9ab488c7799f4c76996d5dca66d"
},
{
"type": "PACKAGE",
"url": "https://github.com/caolan/async"
},
{
"type": "WEB",
"url": "https://github.com/caolan/async/blob/master/lib/internal/iterator.js"
},
{
"type": "WEB",
"url": "https://github.com/caolan/async/blob/master/lib/mapValuesLimit.js"
},
{
"type": "WEB",
"url": "https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md#v264"
},
{
"type": "WEB",
"url": "https://github.com/caolan/async/compare/v2.6.3...v2.6.4"
},
{
"type": "WEB",
"url": "https://jsfiddle.net/oz5twjd9"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTEUUTNIEBHGKUKKLNUZSV7IEP6IP3Q3"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UM6XJ73Q3NAM5KSGCOKJ2ZIA6GUWUJLK"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTEUUTNIEBHGKUKKLNUZSV7IEP6IP3Q3"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UM6XJ73Q3NAM5KSGCOKJ2ZIA6GUWUJLK"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Prototype Pollution in async"
}
GSD-2021-43138
Vulnerability from gsd - Updated: 2023-12-13 01:23
{
"GSD": {
"alias": "CVE-2021-43138",
"description": "A vulnerability exists in Async through 3.2.1 (fixed in 3.2.2) , which could let a malicious user obtain privileges via the mapValues() method.",
"id": "GSD-2021-43138",
"references": [
"https://www.suse.com/security/cve/CVE-2021-43138.html",
"https://access.redhat.com/errata/RHSA-2023:0693"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-43138"
],
"details": "In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.",
"id": "GSD-2021-43138",
"modified": "2023-12-13T01:23:25.976923Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-43138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/caolan/async/blob/master/lib/internal/iterator.js",
"refsource": "MISC",
"url": "https://github.com/caolan/async/blob/master/lib/internal/iterator.js"
},
{
"name": "https://github.com/caolan/async/blob/master/lib/mapValuesLimit.js",
"refsource": "MISC",
"url": "https://github.com/caolan/async/blob/master/lib/mapValuesLimit.js"
},
{
"name": "https://jsfiddle.net/oz5twjd9/",
"refsource": "MISC",
"url": "https://jsfiddle.net/oz5twjd9/"
},
{
"name": "https://github.com/caolan/async/commit/e1ecdbf79264f9ab488c7799f4c76996d5dca66d",
"refsource": "MISC",
"url": "https://github.com/caolan/async/commit/e1ecdbf79264f9ab488c7799f4c76996d5dca66d"
},
{
"name": "https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md#v264",
"refsource": "MISC",
"url": "https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md#v264"
},
{
"name": "https://github.com/caolan/async/pull/1828",
"refsource": "MISC",
"url": "https://github.com/caolan/async/pull/1828"
},
{
"name": "https://github.com/caolan/async/compare/v2.6.3...v2.6.4",
"refsource": "MISC",
"url": "https://github.com/caolan/async/compare/v2.6.3...v2.6.4"
},
{
"name": "FEDORA-2023-ce8943223c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTEUUTNIEBHGKUKKLNUZSV7IEP6IP3Q3/"
},
{
"name": "FEDORA-2023-18fd476362",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UM6XJ73Q3NAM5KSGCOKJ2ZIA6GUWUJLK/"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c2.6.4||\u003e=3.0.0 \u003c3.2.2",
"affected_versions": "All versions before 2.6.4, all versions starting from 3.0.0 before 3.2.2",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-1321",
"CWE-937"
],
"date": "2023-02-23",
"description": "A vulnerability exists in Async through 3.2.1 (fixed in 3.2.2), which could let a malicious user obtain privileges via the mapValues() method.",
"fixed_versions": [
"2.6.4",
"3.2.2"
],
"identifier": "CVE-2021-43138",
"identifiers": [
"CVE-2021-43138",
"GHSA-fwr7-v2mv-hh25"
],
"not_impacted": "All versions starting from 2.6.4 before 3.0.0, all versions starting from 3.2.2",
"package_slug": "npm/async",
"pubdate": "2022-04-06",
"solution": "Upgrade to versions 2.6.4, 3.2.2 or above.",
"title": "Prototype Pollution in async",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-43138",
"https://github.com/caolan/async/commit/e1ecdbf79264f9ab488c7799f4c76996d5dca66d",
"https://github.com/caolan/async/blob/master/lib/internal/iterator.js",
"https://github.com/caolan/async/blob/master/lib/mapValuesLimit.js",
"https://jsfiddle.net/oz5twjd9/",
"https://github.com/advisories/GHSA-fwr7-v2mv-hh25"
],
"uuid": "81b070d9-73e0-4402-93cc-178e7fd015cd"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:async_project:async:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.6.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:async_project:async:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.2.2",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-43138"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-1321"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/caolan/async/blob/master/lib/mapValuesLimit.js",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/caolan/async/blob/master/lib/mapValuesLimit.js"
},
{
"name": "https://jsfiddle.net/oz5twjd9/",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://jsfiddle.net/oz5twjd9/"
},
{
"name": "https://github.com/caolan/async/blob/master/lib/internal/iterator.js",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/caolan/async/blob/master/lib/internal/iterator.js"
},
{
"name": "https://github.com/caolan/async/commit/e1ecdbf79264f9ab488c7799f4c76996d5dca66d",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/caolan/async/commit/e1ecdbf79264f9ab488c7799f4c76996d5dca66d"
},
{
"name": "https://github.com/caolan/async/pull/1828",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/caolan/async/pull/1828"
},
{
"name": "https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md#v264",
"refsource": "MISC",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md#v264"
},
{
"name": "https://github.com/caolan/async/compare/v2.6.3...v2.6.4",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/caolan/async/compare/v2.6.3...v2.6.4"
},
{
"name": "FEDORA-2023-ce8943223c",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTEUUTNIEBHGKUKKLNUZSV7IEP6IP3Q3/"
},
{
"name": "FEDORA-2023-18fd476362",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UM6XJ73Q3NAM5KSGCOKJ2ZIA6GUWUJLK/"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2023-02-23T20:20Z",
"publishedDate": "2022-04-06T17:15Z"
}
}
}
OPENSUSE-SU-2024:12723-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "grafana-9.3.6-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the grafana-9.3.6-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-12723",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12723-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-7753 page",
"url": "https://www.suse.com/security/cve/CVE-2020-7753/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3807 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3807/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3918 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3918/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-43138 page",
"url": "https://www.suse.com/security/cve/CVE-2021-43138/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0155 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0155/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-27664 page",
"url": "https://www.suse.com/security/cve/CVE-2022-27664/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-32149 page",
"url": "https://www.suse.com/security/cve/CVE-2022-32149/"
}
],
"title": "grafana-9.3.6-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:12723-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "grafana-9.3.6-1.1.aarch64",
"product": {
"name": "grafana-9.3.6-1.1.aarch64",
"product_id": "grafana-9.3.6-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-9.3.6-1.1.ppc64le",
"product": {
"name": "grafana-9.3.6-1.1.ppc64le",
"product_id": "grafana-9.3.6-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-9.3.6-1.1.s390x",
"product": {
"name": "grafana-9.3.6-1.1.s390x",
"product_id": "grafana-9.3.6-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-9.3.6-1.1.x86_64",
"product": {
"name": "grafana-9.3.6-1.1.x86_64",
"product_id": "grafana-9.3.6-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-9.3.6-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64"
},
"product_reference": "grafana-9.3.6-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-9.3.6-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le"
},
"product_reference": "grafana-9.3.6-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-9.3.6-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x"
},
"product_reference": "grafana-9.3.6-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-9.3.6-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64"
},
"product_reference": "grafana-9.3.6-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-7753",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-7753"
}
],
"notes": [
{
"category": "general",
"text": "All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-7753",
"url": "https://www.suse.com/security/cve/CVE-2020-7753"
},
{
"category": "external",
"summary": "SUSE Bug 1218843 for CVE-2020-7753",
"url": "https://bugzilla.suse.com/1218843"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-7753"
},
{
"cve": "CVE-2021-3807",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3807"
}
],
"notes": [
{
"category": "general",
"text": "ansi-regex is vulnerable to Inefficient Regular Expression Complexity",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3807",
"url": "https://www.suse.com/security/cve/CVE-2021-3807"
},
{
"category": "external",
"summary": "SUSE Bug 1192154 for CVE-2021-3807",
"url": "https://bugzilla.suse.com/1192154"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-3807"
},
{
"cve": "CVE-2021-3918",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3918"
}
],
"notes": [
{
"category": "general",
"text": "json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3918",
"url": "https://www.suse.com/security/cve/CVE-2021-3918"
},
{
"category": "external",
"summary": "SUSE Bug 1192696 for CVE-2021-3918",
"url": "https://bugzilla.suse.com/1192696"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-3918"
},
{
"cve": "CVE-2021-43138",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-43138"
}
],
"notes": [
{
"category": "general",
"text": "In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-43138",
"url": "https://www.suse.com/security/cve/CVE-2021-43138"
},
{
"category": "external",
"summary": "SUSE Bug 1200480 for CVE-2021-43138",
"url": "https://bugzilla.suse.com/1200480"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-43138"
},
{
"cve": "CVE-2022-0155",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0155"
}
],
"notes": [
{
"category": "general",
"text": "follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0155",
"url": "https://www.suse.com/security/cve/CVE-2022-0155"
},
{
"category": "external",
"summary": "SUSE Bug 1218844 for CVE-2022-0155",
"url": "https://bugzilla.suse.com/1218844"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-0155"
},
{
"cve": "CVE-2022-27664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-27664"
}
],
"notes": [
{
"category": "general",
"text": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-27664",
"url": "https://www.suse.com/security/cve/CVE-2022-27664"
},
{
"category": "external",
"summary": "SUSE Bug 1203185 for CVE-2022-27664",
"url": "https://bugzilla.suse.com/1203185"
},
{
"category": "external",
"summary": "SUSE Bug 1203293 for CVE-2022-27664",
"url": "https://bugzilla.suse.com/1203293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-27664"
},
{
"cve": "CVE-2022-32149",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-32149"
}
],
"notes": [
{
"category": "general",
"text": "An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-32149",
"url": "https://www.suse.com/security/cve/CVE-2022-32149"
},
{
"category": "external",
"summary": "SUSE Bug 1204501 for CVE-2022-32149",
"url": "https://bugzilla.suse.com/1204501"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-32149"
}
]
}
RHSA-2023:0693
Vulnerability from csaf_redhat - Published: 2023-02-09 02:17 - Updated: 2026-06-03 11:29
A vulnerability was found in the async package. This flaw allows a malicious user to obtain privileges via the mapValues() method.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64 | — |
A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64 | — |
A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request's Form field is set after the reverse proxy's Director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64 | — |
A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64 | — |
A vulnerability was found in the golang.org/x/text/language package. An attacker can craft an Accept-Language header which ParseAcceptLanguage will take significant time to parse. This issue leads to a denial of service, and can impact availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64 | — |
An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64 | — |
Workaround
|
A flaw was found in the golang package. The JoinPath doesn't remove the ../ path components appended to a domain that is not terminated by a slash, possibly leading to a directory traversal attack.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64 | — |
A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The size of the parsed regexp representation is linear in the input size, but in some cases the constant factor can be as high as 40,000, so a relatively small regexp can consume a much larger amount of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64 | — |
A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64 | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The Migration Toolkit for Containers (MTC) 1.7.7 is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.\n\nSecurity Fix(es) from Bugzilla:\n\n* async: Prototype Pollution in async (CVE-2021-43138)\n\n* golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879)\n\n* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)\n\n* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n\n* golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags (CVE-2022-32149)\n\n* golang: net/url: JoinPath does not strip relative path components in all circumstances (CVE-2022-32190)\n\n* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)\n\n* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)\n\n* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:0693",
"url": "https://access.redhat.com/errata/RHSA-2023:0693"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2113814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814"
},
{
"category": "external",
"summary": "2124668",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124668"
},
{
"category": "external",
"summary": "2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "2126276",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126276"
},
{
"category": "external",
"summary": "2132867",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132867"
},
{
"category": "external",
"summary": "2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "2134010",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134010"
},
{
"category": "external",
"summary": "2160662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160662"
},
{
"category": "external",
"summary": "2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "MIG-1275",
"url": "https://issues.redhat.com/browse/MIG-1275"
},
{
"category": "external",
"summary": "MIG-1281",
"url": "https://issues.redhat.com/browse/MIG-1281"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0693.json"
}
],
"title": "Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.7 security and bug fix update",
"tracking": {
"current_release_date": "2026-06-03T11:29:15+00:00",
"generator": {
"date": "2026-06-03T11:29:15+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:0693",
"initial_release_date": "2023-02-09T02:17:22+00:00",
"revision_history": [
{
"date": "2023-02-09T02:17:22+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-02-09T02:17:22+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-03T11:29:15+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "8Base-RHMTC-1.7",
"product": {
"name": "8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhmt:1.7::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Migration Toolkit"
},
{
"branches": [
{
"category": "product_version",
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"product": {
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"product_id": "rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-controller-rhel8\u0026tag=v1.7.7-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"product": {
"name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"product_id": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-hook-runner-rhel8\u0026tag=v1.7.7-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"product": {
"name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"product_id": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-legacy-rhel8-operator\u0026tag=v1.7.7-9"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"product": {
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"product_id": "rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-log-reader-rhel8\u0026tag=v1.7.7-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"product": {
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"product_id": "rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-must-gather-rhel8\u0026tag=v1.7.7-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"product": {
"name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"product_id": "rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-openvpn-rhel8\u0026tag=v1.7.7-2"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"product": {
"name": "rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"product_id": "rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rhel8-operator\u0026tag=v1.7.7-9"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"product": {
"name": "rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"product_id": "rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-operator-bundle\u0026tag=v1.7.7-9"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"product": {
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"product_id": "rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-registry-rhel8\u0026tag=v1.7.7-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"product": {
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"product_id": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rsync-transfer-rhel8\u0026tag=v1.7.7-2"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"product": {
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"product_id": "rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-ui-rhel8\u0026tag=v1.7.7-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64",
"product_id": "rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-rhel8\u0026tag=v1.7.7-5"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-aws-rhel8\u0026tag=v1.7.7-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8\u0026tag=v1.7.7-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8\u0026tag=v1.7.7-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"product_id": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-restic-restore-helper-rhel8\u0026tag=v1.7.7-5"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64",
"product": {
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64",
"product_id": "rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-velero-plugin-rhel8\u0026tag=v1.7.7-3"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64"
},
"product_reference": "rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64"
},
"product_reference": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64"
},
"product_reference": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64"
},
"product_reference": "rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64"
},
"product_reference": "rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64"
},
"product_reference": "rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64"
},
"product_reference": "rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64"
},
"product_reference": "rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64"
},
"product_reference": "rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64"
},
"product_reference": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64"
},
"product_reference": "rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
},
"product_reference": "rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-43138",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2022-09-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2126276"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the async package. This flaw allows a malicious user to obtain privileges via the mapValues() method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "async: Prototype Pollution in async",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-43138"
},
{
"category": "external",
"summary": "RHBZ#2126276",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126276"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-43138",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43138"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43138",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43138"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-fwr7-v2mv-hh25",
"url": "https://github.com/advisories/GHSA-fwr7-v2mv-hh25"
}
],
"release_date": "2022-04-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-02-09T02:17:22+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0693"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "async: Prototype Pollution in async"
},
{
"acknowledgments": [
{
"names": [
"Adam Korczynski"
],
"organization": "ADA Logics"
},
{
"names": [
"OSS-Fuzz"
]
}
],
"cve": "CVE-2022-2879",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132867"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.\n\n\nThis flaw additionally affects the github.com/vbatts/tar-split library and was fixed in v0.12.1.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2879"
},
{
"category": "external",
"summary": "RHBZ#2132867",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132867"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2879",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2879"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/54853",
"url": "https://github.com/golang/go/issues/54853"
},
{
"category": "external",
"summary": "https://github.com/vbatts/tar-split/releases/tag/v0.12.1",
"url": "https://github.com/vbatts/tar-split/releases/tag/v0.12.1"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-02-09T02:17:22+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0693"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers"
},
{
"acknowledgments": [
{
"names": [
"Daniel Abeles"
],
"organization": "Head of Research, Oxeye"
},
{
"names": [
"Gal Goldstein"
],
"organization": "Security Researcher, Oxeye"
}
],
"cve": "CVE-2022-2880",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132868"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request\u0027s Form field is set after the ReverseProxy.Director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity to exploit this vulnerability is limited to the Golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2880"
},
{
"category": "external",
"summary": "RHBZ#2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/54663",
"url": "https://github.com/golang/go/issues/54663"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-02-09T02:17:22+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0693"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters"
},
{
"cve": "CVE-2022-27664",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124669"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: handle server errors after sending GOAWAY",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-27664"
},
{
"category": "external",
"summary": "RHBZ#2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664"
},
{
"category": "external",
"summary": "https://go.dev/issue/54658",
"url": "https://go.dev/issue/54658"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-02-09T02:17:22+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0693"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: handle server errors after sending GOAWAY"
},
{
"cve": "CVE-2022-32149",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"discovery_date": "2022-10-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134010"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the golang.org/x/text/language package. An attacker can craft an Accept-Language header which ParseAcceptLanguage will take significant time to parse. This issue leads to a denial of service, and can impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "After careful analysis of the vulnerability, Red Hat is choosing to keep the vulnerability severity as Moderate. The vulnerability exists in the ParseAcceptLanguage function of the golang text/language package: an attacker could craft an unusually large Accept-Language header, and the parser takes quadratic time to process it. However, the attacker would first have to find a way to smuggle such an input to the parser, and even then this would not result in a crash of any kind but rather a resource hang, which, while unpleasant, does not equate to any real-world damage.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32149"
},
{
"category": "external",
"summary": "RHBZ#2134010",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134010"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32149"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32149",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32149"
},
{
"category": "external",
"summary": "https://go.dev/issue/56152",
"url": "https://go.dev/issue/56152"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/qfPIly0X7aU",
"url": "https://groups.google.com/g/golang-dev/c/qfPIly0X7aU"
}
],
"release_date": "2022-10-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-02-09T02:17:22+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0693"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags"
},
{
"cve": "CVE-2022-32189",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-08-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2113814"
}
],
"notes": [
{
"category": "description",
"text": "An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw stems from a particular and specific method (GobDecode) which isn\u0027t commonly used. There are few components within Red Hat offerings which call this function. In the rare cases where this method is called, the component limits the possible damage or the flaw cannot be triggered by an attacker. For these combined reasons the impact has been downgraded to Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32189"
},
{
"category": "external",
"summary": "RHBZ#2113814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189"
},
{
"category": "external",
"summary": "https://go.dev/issue/53871",
"url": "https://go.dev/issue/53871"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU",
"url": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU"
}
],
"release_date": "2022-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-02-09T02:17:22+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0693"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service"
},
{
"cve": "CVE-2022-32190",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124668"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package. The JoinPath function doesn\u0027t remove the ../ path components appended to a domain that is not terminated by a slash, possibly leading to a directory traversal attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: JoinPath does not strip relative path components in all circumstances",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerable functions, JoinPath and URL.JoinPath, were introduced in upstream go1.19, whereas RHEL ships go1.17 and go1.18 versions, which do not contain the vulnerable code. Hence, packages shipped with RHEL-8 and RHEL-9 are not affected.\n\nAll Y stream releases of OpenShift Container Platform 4 run on RHEL-8 or RHEL-9, so OCP 4 is also not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32190"
},
{
"category": "external",
"summary": "RHBZ#2124668",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124668"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32190",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32190"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32190",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32190"
},
{
"category": "external",
"summary": "https://go.dev/issue/54385",
"url": "https://go.dev/issue/54385"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-02-09T02:17:22+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0693"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/url: JoinPath does not strip relative path components in all circumstances"
},
{
"acknowledgments": [
{
"names": [
"Adam Korczynski"
],
"organization": "ADA Logics"
},
{
"names": [
"OSS-Fuzz"
]
}
],
"cve": "CVE-2022-41715",
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132872"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: regexp/syntax: limit memory used by parsing regexps",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41715"
},
{
"category": "external",
"summary": "RHBZ#2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/55949",
"url": "https://github.com/golang/go/issues/55949"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-02-09T02:17:22+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0693"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: regexp/syntax: limit memory used by parsing regexps"
},
{
"cve": "CVE-2022-41717",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-01-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2161274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within Red Hat OpenShift Container Platform, the grafana container is listed as will not fix. Since OCP 4.10, Grafana itself is not shipped and the Grafana web server is protected behind an OAuth proxy server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41717"
},
{
"category": "external",
"summary": "RHBZ#2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717"
},
{
"category": "external",
"summary": "https://go.dev/cl/455635",
"url": "https://go.dev/cl/455635"
},
{
"category": "external",
"summary": "https://go.dev/cl/455717",
"url": "https://go.dev/cl/455717"
},
{
"category": "external",
"summary": "https://go.dev/issue/56350",
"url": "https://go.dev/issue/56350"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2022-1144",
"url": "https://pkg.go.dev/vuln/GO-2022-1144"
}
],
"release_date": "2022-11-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-02-09T02:17:22+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0693"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:362eb32d0d2607f72b4f425dabaea7cde5d292ac41aea0c18c78bc6e408fff9e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:aa63717ac3a4961e774ed0baa3a73f01eda185516e7380579d97b9d25764d10d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:1ac9cdfbdce8f7b6e4ebf5e40013f766b71b6dd604c92f602aca96612a228eda_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d89e9ef65993466d25b26702d0210c14ce191155501774f4d2f1f08dbdad9804_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:5acf34dc4041b694b452d46c2f656db566241773285ca305a79ab7b9dc087b43_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:15df7304827ce49d422554551f08d99cfffa1afc4ffacac145d4399ccb1cbd68_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:90ed03a5e0cb0b0ffd85f7434cc4eda9bd8fe81cd90b597772d9b7caccd4b80f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:aaa03ef0769d38185675db2a7a78454659de14bdebe5ff842614bf2124e5adfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:aaaf4f6095294b497889749390f0a3aac04b83131a423799c44b5e367e0b370a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:58bd4ffc3e9599401251ac929cf15c1773ecc03a57177118adbe23ac8d7762af_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:4141db5099ae659270297eb4aaff695ac43fce67d91fea49dbc76583f419d3a1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:633eeb0b6b50e21bbc0fb12fd2262294733fc9ac8b1e9eedcdb9d1433534d88d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:19dbf2bb83f8a0f35079d6ae25f8fcddad970e48ecb21694fd2d4c553313e4aa_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:93e95f065eadaa41154b9012dd5ddc824607758e2bce85c4256c2689125b80a4_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:70d3d46f54b91538e047df62e7e5b161fabac195a2f2e45cdba78215b4c82a7d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1ca6945c3918f1743a4cee86a507f9f6581c8f8e572b6b8739d79a675a64d1db_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:26f8fb5c41ece82626325ba502505ba1ca7986602cc147b492f9857caa0be868_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests"
}
]
}
RHSA-2023:3645
Vulnerability from csaf_redhat - Published: 2023-06-15 20:55 - Updated: 2026-06-05 18:47

A flaw was found in Mongo. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshaling Go objects into BSON. This flaw allows a malicious user to use a Go object with a specific string to inject additional fields into marshaled documents.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:2371e4effbf6a4846599729701de09a5613a2df29fee9858b0526470d63a5eb7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:a2e263be450ab7c304d5b9a79d13e8f65a2b82d259034fc34b8f69cfa8029601_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:f5d874b252b5fa89e85db384b81096cd84fbfafc593532bb6ea0175f680115c7_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce1247898969a1865d5d7eb865f659131d6dc58e78aecfc31c59615dc21dd48e_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce4f38fd64e2e1944e037097b3af9d5b8645f7fc5856b74cba00f94a1a60471f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:f496643a0600a632a3ce216d67634cff9e6174aeb4d113743fd0443a40b535d9_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:3f410cd41ea91e0014d1cf8d7f3decb3bf0e3db5e9aa2612480a76f6797aa3b5_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:47720497b1bb8ee24993260359294eeeafdd888c71ccca6cb12d526e5c3a4a13_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:8abbc8a247ff6de3e5b212e6a2b0203600555e1f3f0c8599aaf19c9cdda59abb_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:a2de7f954c0878842b5e214d809382c7d0428b8d3ed22fa1516e49ec583d7790_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:bbd215d60e43f719ac81025128f30002bb11f1d29fa874f3b8b1ce61a9269628_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:c6cda704d37ed2d233ec225578cb8021429a64d77649c26672c876569a0696b6_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:351d18f13943b57b5599dc4c2af9970a6add2fbf2cd702f64128e156e4e8a991_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:bee9a86adcd6974536fa31d054a880238a720b8bfcd7efc5d656a0ddd5111d06_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:eebc6514999806d2726fea70bd7f4979dd71a7b2f2aa220ead6b5a838a0ffbdf_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:7b59f76549db37ee09757d79692c52abf1c01baea84fbc98ce5aabc530232f45_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:a4b7ddd16863e41a6642fc52c566d94069732afafdcbd761385be1e4e04c8521_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:bc137efedf8eaf278f508b7f652e7db96f3dcfbb1b685e5a9359680c77b1838a_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:4ffd0acfd05fa5cab68372121f34901adcef3f94d9c38beee8559f9ad8a0fd5a_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:8c3838d96559d417f8986703803843e77732d399d911097488a554b037e2e446_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:99e0a7f2861823dbd94ed53294a255aab2f710cc0c932dca84ae0681494e029b_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:0f35f2a716c4a04873d6dfad61f0d8fc262f2190609cd1cc5578da48cd9d0f4d_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:19821b7b74ed96b78f3322c1b770053c532c27b11b66978731ab4aa257991e81_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:8918686da37dad102867ad55788b2b0f7d750cf137b76a4ca51e244367de6375_amd64 | — |
A vulnerability was found in the async package. This flaw allows a malicious user to obtain privileges via the mapValues() method.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:2371e4effbf6a4846599729701de09a5613a2df29fee9858b0526470d63a5eb7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:a2e263be450ab7c304d5b9a79d13e8f65a2b82d259034fc34b8f69cfa8029601_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:f5d874b252b5fa89e85db384b81096cd84fbfafc593532bb6ea0175f680115c7_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce1247898969a1865d5d7eb865f659131d6dc58e78aecfc31c59615dc21dd48e_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce4f38fd64e2e1944e037097b3af9d5b8645f7fc5856b74cba00f94a1a60471f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:f496643a0600a632a3ce216d67634cff9e6174aeb4d113743fd0443a40b535d9_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:3f410cd41ea91e0014d1cf8d7f3decb3bf0e3db5e9aa2612480a76f6797aa3b5_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:47720497b1bb8ee24993260359294eeeafdd888c71ccca6cb12d526e5c3a4a13_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:8abbc8a247ff6de3e5b212e6a2b0203600555e1f3f0c8599aaf19c9cdda59abb_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:a2de7f954c0878842b5e214d809382c7d0428b8d3ed22fa1516e49ec583d7790_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:bbd215d60e43f719ac81025128f30002bb11f1d29fa874f3b8b1ce61a9269628_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:c6cda704d37ed2d233ec225578cb8021429a64d77649c26672c876569a0696b6_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:351d18f13943b57b5599dc4c2af9970a6add2fbf2cd702f64128e156e4e8a991_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:bee9a86adcd6974536fa31d054a880238a720b8bfcd7efc5d656a0ddd5111d06_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:eebc6514999806d2726fea70bd7f4979dd71a7b2f2aa220ead6b5a838a0ffbdf_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:7b59f76549db37ee09757d79692c52abf1c01baea84fbc98ce5aabc530232f45_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:a4b7ddd16863e41a6642fc52c566d94069732afafdcbd761385be1e4e04c8521_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:bc137efedf8eaf278f508b7f652e7db96f3dcfbb1b685e5a9359680c77b1838a_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:4ffd0acfd05fa5cab68372121f34901adcef3f94d9c38beee8559f9ad8a0fd5a_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:8c3838d96559d417f8986703803843e77732d399d911097488a554b037e2e446_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:99e0a7f2861823dbd94ed53294a255aab2f710cc0c932dca84ae0681494e029b_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:0f35f2a716c4a04873d6dfad61f0d8fc262f2190609cd1cc5578da48cd9d0f4d_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:19821b7b74ed96b78f3322c1b770053c532c27b11b66978731ab4aa257991e81_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:8918686da37dad102867ad55788b2b0f7d750cf137b76a4ca51e244367de6375_amd64 | — |
A flaw was found in the express.js npm package of nodejs:14 module stream. Express.js is vulnerable to a denial of service caused by a prototype pollution flaw in qs. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, a remote attacker can cause a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:2371e4effbf6a4846599729701de09a5613a2df29fee9858b0526470d63a5eb7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:a2e263be450ab7c304d5b9a79d13e8f65a2b82d259034fc34b8f69cfa8029601_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:f5d874b252b5fa89e85db384b81096cd84fbfafc593532bb6ea0175f680115c7_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce1247898969a1865d5d7eb865f659131d6dc58e78aecfc31c59615dc21dd48e_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce4f38fd64e2e1944e037097b3af9d5b8645f7fc5856b74cba00f94a1a60471f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:f496643a0600a632a3ce216d67634cff9e6174aeb4d113743fd0443a40b535d9_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:3f410cd41ea91e0014d1cf8d7f3decb3bf0e3db5e9aa2612480a76f6797aa3b5_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:47720497b1bb8ee24993260359294eeeafdd888c71ccca6cb12d526e5c3a4a13_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:8abbc8a247ff6de3e5b212e6a2b0203600555e1f3f0c8599aaf19c9cdda59abb_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:a2de7f954c0878842b5e214d809382c7d0428b8d3ed22fa1516e49ec583d7790_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:bbd215d60e43f719ac81025128f30002bb11f1d29fa874f3b8b1ce61a9269628_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:c6cda704d37ed2d233ec225578cb8021429a64d77649c26672c876569a0696b6_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:351d18f13943b57b5599dc4c2af9970a6add2fbf2cd702f64128e156e4e8a991_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:bee9a86adcd6974536fa31d054a880238a720b8bfcd7efc5d656a0ddd5111d06_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:eebc6514999806d2726fea70bd7f4979dd71a7b2f2aa220ead6b5a838a0ffbdf_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:7b59f76549db37ee09757d79692c52abf1c01baea84fbc98ce5aabc530232f45_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:a4b7ddd16863e41a6642fc52c566d94069732afafdcbd761385be1e4e04c8521_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:bc137efedf8eaf278f508b7f652e7db96f3dcfbb1b685e5a9359680c77b1838a_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:4ffd0acfd05fa5cab68372121f34901adcef3f94d9c38beee8559f9ad8a0fd5a_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:8c3838d96559d417f8986703803843e77732d399d911097488a554b037e2e446_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:99e0a7f2861823dbd94ed53294a255aab2f710cc0c932dca84ae0681494e029b_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:0f35f2a716c4a04873d6dfad61f0d8fc262f2190609cd1cc5578da48cd9d0f4d_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:19821b7b74ed96b78f3322c1b770053c532c27b11b66978731ab4aa257991e81_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:8918686da37dad102867ad55788b2b0f7d750cf137b76a4ca51e244367de6375_amd64 | — |
A vulnerability was found in the terser package. Affected versions of this package are vulnerable to Regular expression denial of service (ReDoS) attacks, affecting system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:2371e4effbf6a4846599729701de09a5613a2df29fee9858b0526470d63a5eb7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:a2e263be450ab7c304d5b9a79d13e8f65a2b82d259034fc34b8f69cfa8029601_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:f5d874b252b5fa89e85db384b81096cd84fbfafc593532bb6ea0175f680115c7_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce1247898969a1865d5d7eb865f659131d6dc58e78aecfc31c59615dc21dd48e_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce4f38fd64e2e1944e037097b3af9d5b8645f7fc5856b74cba00f94a1a60471f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:f496643a0600a632a3ce216d67634cff9e6174aeb4d113743fd0443a40b535d9_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:3f410cd41ea91e0014d1cf8d7f3decb3bf0e3db5e9aa2612480a76f6797aa3b5_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:47720497b1bb8ee24993260359294eeeafdd888c71ccca6cb12d526e5c3a4a13_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:8abbc8a247ff6de3e5b212e6a2b0203600555e1f3f0c8599aaf19c9cdda59abb_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:a2de7f954c0878842b5e214d809382c7d0428b8d3ed22fa1516e49ec583d7790_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:bbd215d60e43f719ac81025128f30002bb11f1d29fa874f3b8b1ce61a9269628_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:c6cda704d37ed2d233ec225578cb8021429a64d77649c26672c876569a0696b6_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:351d18f13943b57b5599dc4c2af9970a6add2fbf2cd702f64128e156e4e8a991_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:bee9a86adcd6974536fa31d054a880238a720b8bfcd7efc5d656a0ddd5111d06_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:eebc6514999806d2726fea70bd7f4979dd71a7b2f2aa220ead6b5a838a0ffbdf_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:7b59f76549db37ee09757d79692c52abf1c01baea84fbc98ce5aabc530232f45_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:a4b7ddd16863e41a6642fc52c566d94069732afafdcbd761385be1e4e04c8521_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:bc137efedf8eaf278f508b7f652e7db96f3dcfbb1b685e5a9359680c77b1838a_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:4ffd0acfd05fa5cab68372121f34901adcef3f94d9c38beee8559f9ad8a0fd5a_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:8c3838d96559d417f8986703803843e77732d399d911097488a554b037e2e446_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:99e0a7f2861823dbd94ed53294a255aab2f710cc0c932dca84ae0681494e029b_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:0f35f2a716c4a04873d6dfad61f0d8fc262f2190609cd1cc5578da48cd9d0f4d_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:19821b7b74ed96b78f3322c1b770053c532c27b11b66978731ab4aa257991e81_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:8918686da37dad102867ad55788b2b0f7d750cf137b76a4ca51e244367de6375_amd64 | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Service Mesh 2.2.7\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Service Mesh is Red Hat\u0027s distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.\n\nThis advisory covers the RPM packages for the release.\n\nSecurity Fix(es):\n\n* mongo-go-driver: specific cstrings input may not be properly validated (CVE-2021-20329)\n* async: Prototype Pollution in async (CVE-2021-43138)\n* express: \"qs\" prototype poisoning causes the hang of the node process (CVE-2022-24999)\n* terser: insecure use of regular expressions leads to ReDoS (CVE-2022-25858)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:3645",
"url": "https://access.redhat.com/errata/RHSA-2023:3645"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1971033",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1971033"
},
{
"category": "external",
"summary": "2126276",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126276"
},
{
"category": "external",
"summary": "2126277",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126277"
},
{
"category": "external",
"summary": "2150323",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150323"
},
{
"category": "external",
"summary": "OSSM-3596",
"url": "https://issues.redhat.com/browse/OSSM-3596"
},
{
"category": "external",
"summary": "OSSM-3720",
"url": "https://issues.redhat.com/browse/OSSM-3720"
},
{
"category": "external",
"summary": "OSSM-3783",
"url": "https://issues.redhat.com/browse/OSSM-3783"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3645.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.2.7 security update",
"tracking": {
"current_release_date": "2026-06-05T18:47:58+00:00",
"generator": {
"date": "2026-06-05T18:47:58+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2023:3645",
"initial_release_date": "2023-06-15T20:55:50+00:00",
"revision_history": [
{
"date": "2023-06-15T20:55:50+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-06-15T20:55:50+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T18:47:58+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHOSSM 2.2 for RHEL 8",
"product": {
"name": "RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:2.2::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:3f410cd41ea91e0014d1cf8d7f3decb3bf0e3db5e9aa2612480a76f6797aa3b5_amd64",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:3f410cd41ea91e0014d1cf8d7f3decb3bf0e3db5e9aa2612480a76f6797aa3b5_amd64",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:3f410cd41ea91e0014d1cf8d7f3decb3bf0e3db5e9aa2612480a76f6797aa3b5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:3f410cd41ea91e0014d1cf8d7f3decb3bf0e3db5e9aa2612480a76f6797aa3b5?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.2.7-7"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:f496643a0600a632a3ce216d67634cff9e6174aeb4d113743fd0443a40b535d9_amd64",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:f496643a0600a632a3ce216d67634cff9e6174aeb4d113743fd0443a40b535d9_amd64",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:f496643a0600a632a3ce216d67634cff9e6174aeb4d113743fd0443a40b535d9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:f496643a0600a632a3ce216d67634cff9e6174aeb4d113743fd0443a40b535d9?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.2.7-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:bee9a86adcd6974536fa31d054a880238a720b8bfcd7efc5d656a0ddd5111d06_amd64",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:bee9a86adcd6974536fa31d054a880238a720b8bfcd7efc5d656a0ddd5111d06_amd64",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:bee9a86adcd6974536fa31d054a880238a720b8bfcd7efc5d656a0ddd5111d06_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:bee9a86adcd6974536fa31d054a880238a720b8bfcd7efc5d656a0ddd5111d06?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.48.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:c6cda704d37ed2d233ec225578cb8021429a64d77649c26672c876569a0696b6_amd64",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:c6cda704d37ed2d233ec225578cb8021429a64d77649c26672c876569a0696b6_amd64",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:c6cda704d37ed2d233ec225578cb8021429a64d77649c26672c876569a0696b6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:c6cda704d37ed2d233ec225578cb8021429a64d77649c26672c876569a0696b6?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.2.7-7"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:a4b7ddd16863e41a6642fc52c566d94069732afafdcbd761385be1e4e04c8521_amd64",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:a4b7ddd16863e41a6642fc52c566d94069732afafdcbd761385be1e4e04c8521_amd64",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:a4b7ddd16863e41a6642fc52c566d94069732afafdcbd761385be1e4e04c8521_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:a4b7ddd16863e41a6642fc52c566d94069732afafdcbd761385be1e4e04c8521?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.2.7-7"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/prometheus-rhel8@sha256:2371e4effbf6a4846599729701de09a5613a2df29fee9858b0526470d63a5eb7_amd64",
"product": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:2371e4effbf6a4846599729701de09a5613a2df29fee9858b0526470d63a5eb7_amd64",
"product_id": "openshift-service-mesh/prometheus-rhel8@sha256:2371e4effbf6a4846599729701de09a5613a2df29fee9858b0526470d63a5eb7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/prometheus-rhel8@sha256:2371e4effbf6a4846599729701de09a5613a2df29fee9858b0526470d63a5eb7?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/prometheus-rhel8\u0026tag=2.2.7-7"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:99e0a7f2861823dbd94ed53294a255aab2f710cc0c932dca84ae0681494e029b_amd64",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:99e0a7f2861823dbd94ed53294a255aab2f710cc0c932dca84ae0681494e029b_amd64",
"product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:99e0a7f2861823dbd94ed53294a255aab2f710cc0c932dca84ae0681494e029b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel8@sha256:99e0a7f2861823dbd94ed53294a255aab2f710cc0c932dca84ae0681494e029b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.2.7-6"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:8918686da37dad102867ad55788b2b0f7d750cf137b76a4ca51e244367de6375_amd64",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:8918686da37dad102867ad55788b2b0f7d750cf137b76a4ca51e244367de6375_amd64",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:8918686da37dad102867ad55788b2b0f7d750cf137b76a4ca51e244367de6375_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:8918686da37dad102867ad55788b2b0f7d750cf137b76a4ca51e244367de6375?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.2.7-4"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:8abbc8a247ff6de3e5b212e6a2b0203600555e1f3f0c8599aaf19c9cdda59abb_ppc64le",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:8abbc8a247ff6de3e5b212e6a2b0203600555e1f3f0c8599aaf19c9cdda59abb_ppc64le",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:8abbc8a247ff6de3e5b212e6a2b0203600555e1f3f0c8599aaf19c9cdda59abb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:8abbc8a247ff6de3e5b212e6a2b0203600555e1f3f0c8599aaf19c9cdda59abb?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.2.7-7"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:ce4f38fd64e2e1944e037097b3af9d5b8645f7fc5856b74cba00f94a1a60471f_ppc64le",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:ce4f38fd64e2e1944e037097b3af9d5b8645f7fc5856b74cba00f94a1a60471f_ppc64le",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:ce4f38fd64e2e1944e037097b3af9d5b8645f7fc5856b74cba00f94a1a60471f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:ce4f38fd64e2e1944e037097b3af9d5b8645f7fc5856b74cba00f94a1a60471f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.2.7-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:eebc6514999806d2726fea70bd7f4979dd71a7b2f2aa220ead6b5a838a0ffbdf_ppc64le",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:eebc6514999806d2726fea70bd7f4979dd71a7b2f2aa220ead6b5a838a0ffbdf_ppc64le",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:eebc6514999806d2726fea70bd7f4979dd71a7b2f2aa220ead6b5a838a0ffbdf_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:eebc6514999806d2726fea70bd7f4979dd71a7b2f2aa220ead6b5a838a0ffbdf?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.48.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:bbd215d60e43f719ac81025128f30002bb11f1d29fa874f3b8b1ce61a9269628_ppc64le",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:bbd215d60e43f719ac81025128f30002bb11f1d29fa874f3b8b1ce61a9269628_ppc64le",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:bbd215d60e43f719ac81025128f30002bb11f1d29fa874f3b8b1ce61a9269628_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:bbd215d60e43f719ac81025128f30002bb11f1d29fa874f3b8b1ce61a9269628?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.2.7-7"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:bc137efedf8eaf278f508b7f652e7db96f3dcfbb1b685e5a9359680c77b1838a_ppc64le",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:bc137efedf8eaf278f508b7f652e7db96f3dcfbb1b685e5a9359680c77b1838a_ppc64le",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:bc137efedf8eaf278f508b7f652e7db96f3dcfbb1b685e5a9359680c77b1838a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:bc137efedf8eaf278f508b7f652e7db96f3dcfbb1b685e5a9359680c77b1838a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.2.7-7"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/prometheus-rhel8@sha256:f5d874b252b5fa89e85db384b81096cd84fbfafc593532bb6ea0175f680115c7_ppc64le",
"product": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:f5d874b252b5fa89e85db384b81096cd84fbfafc593532bb6ea0175f680115c7_ppc64le",
"product_id": "openshift-service-mesh/prometheus-rhel8@sha256:f5d874b252b5fa89e85db384b81096cd84fbfafc593532bb6ea0175f680115c7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/prometheus-rhel8@sha256:f5d874b252b5fa89e85db384b81096cd84fbfafc593532bb6ea0175f680115c7?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/prometheus-rhel8\u0026tag=2.2.7-7"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:4ffd0acfd05fa5cab68372121f34901adcef3f94d9c38beee8559f9ad8a0fd5a_ppc64le",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:4ffd0acfd05fa5cab68372121f34901adcef3f94d9c38beee8559f9ad8a0fd5a_ppc64le",
"product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:4ffd0acfd05fa5cab68372121f34901adcef3f94d9c38beee8559f9ad8a0fd5a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel8@sha256:4ffd0acfd05fa5cab68372121f34901adcef3f94d9c38beee8559f9ad8a0fd5a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.2.7-6"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:0f35f2a716c4a04873d6dfad61f0d8fc262f2190609cd1cc5578da48cd9d0f4d_ppc64le",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:0f35f2a716c4a04873d6dfad61f0d8fc262f2190609cd1cc5578da48cd9d0f4d_ppc64le",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:0f35f2a716c4a04873d6dfad61f0d8fc262f2190609cd1cc5578da48cd9d0f4d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:0f35f2a716c4a04873d6dfad61f0d8fc262f2190609cd1cc5578da48cd9d0f4d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.2.7-4"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:47720497b1bb8ee24993260359294eeeafdd888c71ccca6cb12d526e5c3a4a13_s390x",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:47720497b1bb8ee24993260359294eeeafdd888c71ccca6cb12d526e5c3a4a13_s390x",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:47720497b1bb8ee24993260359294eeeafdd888c71ccca6cb12d526e5c3a4a13_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:47720497b1bb8ee24993260359294eeeafdd888c71ccca6cb12d526e5c3a4a13?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.2.7-7"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:ce1247898969a1865d5d7eb865f659131d6dc58e78aecfc31c59615dc21dd48e_s390x",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:ce1247898969a1865d5d7eb865f659131d6dc58e78aecfc31c59615dc21dd48e_s390x",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:ce1247898969a1865d5d7eb865f659131d6dc58e78aecfc31c59615dc21dd48e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:ce1247898969a1865d5d7eb865f659131d6dc58e78aecfc31c59615dc21dd48e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.2.7-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:351d18f13943b57b5599dc4c2af9970a6add2fbf2cd702f64128e156e4e8a991_s390x",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:351d18f13943b57b5599dc4c2af9970a6add2fbf2cd702f64128e156e4e8a991_s390x",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:351d18f13943b57b5599dc4c2af9970a6add2fbf2cd702f64128e156e4e8a991_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:351d18f13943b57b5599dc4c2af9970a6add2fbf2cd702f64128e156e4e8a991?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.48.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:a2de7f954c0878842b5e214d809382c7d0428b8d3ed22fa1516e49ec583d7790_s390x",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:a2de7f954c0878842b5e214d809382c7d0428b8d3ed22fa1516e49ec583d7790_s390x",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:a2de7f954c0878842b5e214d809382c7d0428b8d3ed22fa1516e49ec583d7790_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:a2de7f954c0878842b5e214d809382c7d0428b8d3ed22fa1516e49ec583d7790?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.2.7-7"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:7b59f76549db37ee09757d79692c52abf1c01baea84fbc98ce5aabc530232f45_s390x",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:7b59f76549db37ee09757d79692c52abf1c01baea84fbc98ce5aabc530232f45_s390x",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:7b59f76549db37ee09757d79692c52abf1c01baea84fbc98ce5aabc530232f45_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:7b59f76549db37ee09757d79692c52abf1c01baea84fbc98ce5aabc530232f45?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.2.7-7"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/prometheus-rhel8@sha256:a2e263be450ab7c304d5b9a79d13e8f65a2b82d259034fc34b8f69cfa8029601_s390x",
"product": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:a2e263be450ab7c304d5b9a79d13e8f65a2b82d259034fc34b8f69cfa8029601_s390x",
"product_id": "openshift-service-mesh/prometheus-rhel8@sha256:a2e263be450ab7c304d5b9a79d13e8f65a2b82d259034fc34b8f69cfa8029601_s390x",
"product_identification_helper": {
"purl": "pkg:oci/prometheus-rhel8@sha256:a2e263be450ab7c304d5b9a79d13e8f65a2b82d259034fc34b8f69cfa8029601?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/prometheus-rhel8\u0026tag=2.2.7-7"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:8c3838d96559d417f8986703803843e77732d399d911097488a554b037e2e446_s390x",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:8c3838d96559d417f8986703803843e77732d399d911097488a554b037e2e446_s390x",
"product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:8c3838d96559d417f8986703803843e77732d399d911097488a554b037e2e446_s390x",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel8@sha256:8c3838d96559d417f8986703803843e77732d399d911097488a554b037e2e446?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.2.7-6"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:19821b7b74ed96b78f3322c1b770053c532c27b11b66978731ab4aa257991e81_s390x",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:19821b7b74ed96b78f3322c1b770053c532c27b11b66978731ab4aa257991e81_s390x",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:19821b7b74ed96b78f3322c1b770053c532c27b11b66978731ab4aa257991e81_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:19821b7b74ed96b78f3322c1b770053c532c27b11b66978731ab4aa257991e81?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.2.7-4"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:ce1247898969a1865d5d7eb865f659131d6dc58e78aecfc31c59615dc21dd48e_s390x as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce1247898969a1865d5d7eb865f659131d6dc58e78aecfc31c59615dc21dd48e_s390x"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:ce1247898969a1865d5d7eb865f659131d6dc58e78aecfc31c59615dc21dd48e_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:ce4f38fd64e2e1944e037097b3af9d5b8645f7fc5856b74cba00f94a1a60471f_ppc64le as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce4f38fd64e2e1944e037097b3af9d5b8645f7fc5856b74cba00f94a1a60471f_ppc64le"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:ce4f38fd64e2e1944e037097b3af9d5b8645f7fc5856b74cba00f94a1a60471f_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:f496643a0600a632a3ce216d67634cff9e6174aeb4d113743fd0443a40b535d9_amd64 as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:f496643a0600a632a3ce216d67634cff9e6174aeb4d113743fd0443a40b535d9_amd64"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:f496643a0600a632a3ce216d67634cff9e6174aeb4d113743fd0443a40b535d9_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:3f410cd41ea91e0014d1cf8d7f3decb3bf0e3db5e9aa2612480a76f6797aa3b5_amd64 as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:3f410cd41ea91e0014d1cf8d7f3decb3bf0e3db5e9aa2612480a76f6797aa3b5_amd64"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:3f410cd41ea91e0014d1cf8d7f3decb3bf0e3db5e9aa2612480a76f6797aa3b5_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:47720497b1bb8ee24993260359294eeeafdd888c71ccca6cb12d526e5c3a4a13_s390x as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:47720497b1bb8ee24993260359294eeeafdd888c71ccca6cb12d526e5c3a4a13_s390x"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:47720497b1bb8ee24993260359294eeeafdd888c71ccca6cb12d526e5c3a4a13_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:8abbc8a247ff6de3e5b212e6a2b0203600555e1f3f0c8599aaf19c9cdda59abb_ppc64le as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:8abbc8a247ff6de3e5b212e6a2b0203600555e1f3f0c8599aaf19c9cdda59abb_ppc64le"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:8abbc8a247ff6de3e5b212e6a2b0203600555e1f3f0c8599aaf19c9cdda59abb_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:a2de7f954c0878842b5e214d809382c7d0428b8d3ed22fa1516e49ec583d7790_s390x as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:a2de7f954c0878842b5e214d809382c7d0428b8d3ed22fa1516e49ec583d7790_s390x"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:a2de7f954c0878842b5e214d809382c7d0428b8d3ed22fa1516e49ec583d7790_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:bbd215d60e43f719ac81025128f30002bb11f1d29fa874f3b8b1ce61a9269628_ppc64le as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:bbd215d60e43f719ac81025128f30002bb11f1d29fa874f3b8b1ce61a9269628_ppc64le"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:bbd215d60e43f719ac81025128f30002bb11f1d29fa874f3b8b1ce61a9269628_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:c6cda704d37ed2d233ec225578cb8021429a64d77649c26672c876569a0696b6_amd64 as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:c6cda704d37ed2d233ec225578cb8021429a64d77649c26672c876569a0696b6_amd64"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:c6cda704d37ed2d233ec225578cb8021429a64d77649c26672c876569a0696b6_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:351d18f13943b57b5599dc4c2af9970a6add2fbf2cd702f64128e156e4e8a991_s390x as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:351d18f13943b57b5599dc4c2af9970a6add2fbf2cd702f64128e156e4e8a991_s390x"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:351d18f13943b57b5599dc4c2af9970a6add2fbf2cd702f64128e156e4e8a991_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:bee9a86adcd6974536fa31d054a880238a720b8bfcd7efc5d656a0ddd5111d06_amd64 as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:bee9a86adcd6974536fa31d054a880238a720b8bfcd7efc5d656a0ddd5111d06_amd64"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:bee9a86adcd6974536fa31d054a880238a720b8bfcd7efc5d656a0ddd5111d06_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:eebc6514999806d2726fea70bd7f4979dd71a7b2f2aa220ead6b5a838a0ffbdf_ppc64le as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:eebc6514999806d2726fea70bd7f4979dd71a7b2f2aa220ead6b5a838a0ffbdf_ppc64le"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:eebc6514999806d2726fea70bd7f4979dd71a7b2f2aa220ead6b5a838a0ffbdf_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:7b59f76549db37ee09757d79692c52abf1c01baea84fbc98ce5aabc530232f45_s390x as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:7b59f76549db37ee09757d79692c52abf1c01baea84fbc98ce5aabc530232f45_s390x"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:7b59f76549db37ee09757d79692c52abf1c01baea84fbc98ce5aabc530232f45_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:a4b7ddd16863e41a6642fc52c566d94069732afafdcbd761385be1e4e04c8521_amd64 as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:a4b7ddd16863e41a6642fc52c566d94069732afafdcbd761385be1e4e04c8521_amd64"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:a4b7ddd16863e41a6642fc52c566d94069732afafdcbd761385be1e4e04c8521_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:bc137efedf8eaf278f508b7f652e7db96f3dcfbb1b685e5a9359680c77b1838a_ppc64le as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:bc137efedf8eaf278f508b7f652e7db96f3dcfbb1b685e5a9359680c77b1838a_ppc64le"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:bc137efedf8eaf278f508b7f652e7db96f3dcfbb1b685e5a9359680c77b1838a_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:2371e4effbf6a4846599729701de09a5613a2df29fee9858b0526470d63a5eb7_amd64 as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:2371e4effbf6a4846599729701de09a5613a2df29fee9858b0526470d63a5eb7_amd64"
},
"product_reference": "openshift-service-mesh/prometheus-rhel8@sha256:2371e4effbf6a4846599729701de09a5613a2df29fee9858b0526470d63a5eb7_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:a2e263be450ab7c304d5b9a79d13e8f65a2b82d259034fc34b8f69cfa8029601_s390x as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:a2e263be450ab7c304d5b9a79d13e8f65a2b82d259034fc34b8f69cfa8029601_s390x"
},
"product_reference": "openshift-service-mesh/prometheus-rhel8@sha256:a2e263be450ab7c304d5b9a79d13e8f65a2b82d259034fc34b8f69cfa8029601_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:f5d874b252b5fa89e85db384b81096cd84fbfafc593532bb6ea0175f680115c7_ppc64le as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:f5d874b252b5fa89e85db384b81096cd84fbfafc593532bb6ea0175f680115c7_ppc64le"
},
"product_reference": "openshift-service-mesh/prometheus-rhel8@sha256:f5d874b252b5fa89e85db384b81096cd84fbfafc593532bb6ea0175f680115c7_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:4ffd0acfd05fa5cab68372121f34901adcef3f94d9c38beee8559f9ad8a0fd5a_ppc64le as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:4ffd0acfd05fa5cab68372121f34901adcef3f94d9c38beee8559f9ad8a0fd5a_ppc64le"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:4ffd0acfd05fa5cab68372121f34901adcef3f94d9c38beee8559f9ad8a0fd5a_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:8c3838d96559d417f8986703803843e77732d399d911097488a554b037e2e446_s390x as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:8c3838d96559d417f8986703803843e77732d399d911097488a554b037e2e446_s390x"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:8c3838d96559d417f8986703803843e77732d399d911097488a554b037e2e446_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:99e0a7f2861823dbd94ed53294a255aab2f710cc0c932dca84ae0681494e029b_amd64 as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:99e0a7f2861823dbd94ed53294a255aab2f710cc0c932dca84ae0681494e029b_amd64"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:99e0a7f2861823dbd94ed53294a255aab2f710cc0c932dca84ae0681494e029b_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:0f35f2a716c4a04873d6dfad61f0d8fc262f2190609cd1cc5578da48cd9d0f4d_ppc64le as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:0f35f2a716c4a04873d6dfad61f0d8fc262f2190609cd1cc5578da48cd9d0f4d_ppc64le"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:0f35f2a716c4a04873d6dfad61f0d8fc262f2190609cd1cc5578da48cd9d0f4d_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:19821b7b74ed96b78f3322c1b770053c532c27b11b66978731ab4aa257991e81_s390x as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:19821b7b74ed96b78f3322c1b770053c532c27b11b66978731ab4aa257991e81_s390x"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:19821b7b74ed96b78f3322c1b770053c532c27b11b66978731ab4aa257991e81_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:8918686da37dad102867ad55788b2b0f7d750cf137b76a4ca51e244367de6375_amd64 as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:8918686da37dad102867ad55788b2b0f7d750cf137b76a4ca51e244367de6375_amd64"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:8918686da37dad102867ad55788b2b0f7d750cf137b76a4ca51e244367de6375_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-20329",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-06-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce1247898969a1865d5d7eb865f659131d6dc58e78aecfc31c59615dc21dd48e_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce4f38fd64e2e1944e037097b3af9d5b8645f7fc5856b74cba00f94a1a60471f_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:f496643a0600a632a3ce216d67634cff9e6174aeb4d113743fd0443a40b535d9_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:3f410cd41ea91e0014d1cf8d7f3decb3bf0e3db5e9aa2612480a76f6797aa3b5_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:47720497b1bb8ee24993260359294eeeafdd888c71ccca6cb12d526e5c3a4a13_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:8abbc8a247ff6de3e5b212e6a2b0203600555e1f3f0c8599aaf19c9cdda59abb_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:a2de7f954c0878842b5e214d809382c7d0428b8d3ed22fa1516e49ec583d7790_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:bbd215d60e43f719ac81025128f30002bb11f1d29fa874f3b8b1ce61a9269628_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:c6cda704d37ed2d233ec225578cb8021429a64d77649c26672c876569a0696b6_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:351d18f13943b57b5599dc4c2af9970a6add2fbf2cd702f64128e156e4e8a991_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:bee9a86adcd6974536fa31d054a880238a720b8bfcd7efc5d656a0ddd5111d06_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:eebc6514999806d2726fea70bd7f4979dd71a7b2f2aa220ead6b5a838a0ffbdf_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:7b59f76549db37ee09757d79692c52abf1c01baea84fbc98ce5aabc530232f45_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:a4b7ddd16863e41a6642fc52c566d94069732afafdcbd761385be1e4e04c8521_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:bc137efedf8eaf278f508b7f652e7db96f3dcfbb1b685e5a9359680c77b1838a_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:4ffd0acfd05fa5cab68372121f34901adcef3f94d9c38beee8559f9ad8a0fd5a_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:8c3838d96559d417f8986703803843e77732d399d911097488a554b037e2e446_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:99e0a7f2861823dbd94ed53294a255aab2f710cc0c932dca84ae0681494e029b_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:0f35f2a716c4a04873d6dfad61f0d8fc262f2190609cd1cc5578da48cd9d0f4d_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:19821b7b74ed96b78f3322c1b770053c532c27b11b66978731ab4aa257991e81_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:8918686da37dad102867ad55788b2b0f7d750cf137b76a4ca51e244367de6375_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1971033"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Mongo. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshaling Go objects into BSON. This flaw allows a malicious user to use a Go object with a specific string to inject additional fields into marshaled documents.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mongo-go-driver: specific cstrings input may not be properly validated",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:2371e4effbf6a4846599729701de09a5613a2df29fee9858b0526470d63a5eb7_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:a2e263be450ab7c304d5b9a79d13e8f65a2b82d259034fc34b8f69cfa8029601_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:f5d874b252b5fa89e85db384b81096cd84fbfafc593532bb6ea0175f680115c7_ppc64le"
],
"known_not_affected": [
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce1247898969a1865d5d7eb865f659131d6dc58e78aecfc31c59615dc21dd48e_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce4f38fd64e2e1944e037097b3af9d5b8645f7fc5856b74cba00f94a1a60471f_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:f496643a0600a632a3ce216d67634cff9e6174aeb4d113743fd0443a40b535d9_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:3f410cd41ea91e0014d1cf8d7f3decb3bf0e3db5e9aa2612480a76f6797aa3b5_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:47720497b1bb8ee24993260359294eeeafdd888c71ccca6cb12d526e5c3a4a13_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:8abbc8a247ff6de3e5b212e6a2b0203600555e1f3f0c8599aaf19c9cdda59abb_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:a2de7f954c0878842b5e214d809382c7d0428b8d3ed22fa1516e49ec583d7790_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:bbd215d60e43f719ac81025128f30002bb11f1d29fa874f3b8b1ce61a9269628_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:c6cda704d37ed2d233ec225578cb8021429a64d77649c26672c876569a0696b6_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:351d18f13943b57b5599dc4c2af9970a6add2fbf2cd702f64128e156e4e8a991_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:bee9a86adcd6974536fa31d054a880238a720b8bfcd7efc5d656a0ddd5111d06_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:eebc6514999806d2726fea70bd7f4979dd71a7b2f2aa220ead6b5a838a0ffbdf_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:7b59f76549db37ee09757d79692c52abf1c01baea84fbc98ce5aabc530232f45_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:a4b7ddd16863e41a6642fc52c566d94069732afafdcbd761385be1e4e04c8521_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:bc137efedf8eaf278f508b7f652e7db96f3dcfbb1b685e5a9359680c77b1838a_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:4ffd0acfd05fa5cab68372121f34901adcef3f94d9c38beee8559f9ad8a0fd5a_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:8c3838d96559d417f8986703803843e77732d399d911097488a554b037e2e446_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:99e0a7f2861823dbd94ed53294a255aab2f710cc0c932dca84ae0681494e029b_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:0f35f2a716c4a04873d6dfad61f0d8fc262f2190609cd1cc5578da48cd9d0f4d_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:19821b7b74ed96b78f3322c1b770053c532c27b11b66978731ab4aa257991e81_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:8918686da37dad102867ad55788b2b0f7d750cf137b76a4ca51e244367de6375_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-20329"
},
{
"category": "external",
"summary": "RHBZ#1971033",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1971033"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-20329",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20329"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-20329",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20329"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-f6mq-5m25-4r72",
"url": "https://github.com/advisories/GHSA-f6mq-5m25-4r72"
},
{
"category": "external",
"summary": "https://github.com/mongodb/mongo-go-driver/releases/tag/v1.5.1",
"url": "https://github.com/mongodb/mongo-go-driver/releases/tag/v1.5.1"
}
],
"release_date": "2021-03-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T20:55:50+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:2371e4effbf6a4846599729701de09a5613a2df29fee9858b0526470d63a5eb7_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:a2e263be450ab7c304d5b9a79d13e8f65a2b82d259034fc34b8f69cfa8029601_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:f5d874b252b5fa89e85db384b81096cd84fbfafc593532bb6ea0175f680115c7_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3645"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce1247898969a1865d5d7eb865f659131d6dc58e78aecfc31c59615dc21dd48e_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce4f38fd64e2e1944e037097b3af9d5b8645f7fc5856b74cba00f94a1a60471f_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:f496643a0600a632a3ce216d67634cff9e6174aeb4d113743fd0443a40b535d9_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:3f410cd41ea91e0014d1cf8d7f3decb3bf0e3db5e9aa2612480a76f6797aa3b5_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:47720497b1bb8ee24993260359294eeeafdd888c71ccca6cb12d526e5c3a4a13_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:8abbc8a247ff6de3e5b212e6a2b0203600555e1f3f0c8599aaf19c9cdda59abb_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:a2de7f954c0878842b5e214d809382c7d0428b8d3ed22fa1516e49ec583d7790_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:bbd215d60e43f719ac81025128f30002bb11f1d29fa874f3b8b1ce61a9269628_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:c6cda704d37ed2d233ec225578cb8021429a64d77649c26672c876569a0696b6_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:351d18f13943b57b5599dc4c2af9970a6add2fbf2cd702f64128e156e4e8a991_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:bee9a86adcd6974536fa31d054a880238a720b8bfcd7efc5d656a0ddd5111d06_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:eebc6514999806d2726fea70bd7f4979dd71a7b2f2aa220ead6b5a838a0ffbdf_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:7b59f76549db37ee09757d79692c52abf1c01baea84fbc98ce5aabc530232f45_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:a4b7ddd16863e41a6642fc52c566d94069732afafdcbd761385be1e4e04c8521_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:bc137efedf8eaf278f508b7f652e7db96f3dcfbb1b685e5a9359680c77b1838a_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:2371e4effbf6a4846599729701de09a5613a2df29fee9858b0526470d63a5eb7_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:a2e263be450ab7c304d5b9a79d13e8f65a2b82d259034fc34b8f69cfa8029601_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:f5d874b252b5fa89e85db384b81096cd84fbfafc593532bb6ea0175f680115c7_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:4ffd0acfd05fa5cab68372121f34901adcef3f94d9c38beee8559f9ad8a0fd5a_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:8c3838d96559d417f8986703803843e77732d399d911097488a554b037e2e446_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:99e0a7f2861823dbd94ed53294a255aab2f710cc0c932dca84ae0681494e029b_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:0f35f2a716c4a04873d6dfad61f0d8fc262f2190609cd1cc5578da48cd9d0f4d_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:19821b7b74ed96b78f3322c1b770053c532c27b11b66978731ab4aa257991e81_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:8918686da37dad102867ad55788b2b0f7d750cf137b76a4ca51e244367de6375_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mongo-go-driver: specific cstrings input may not be properly validated"
},
{
"cve": "CVE-2021-43138",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2022-09-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce1247898969a1865d5d7eb865f659131d6dc58e78aecfc31c59615dc21dd48e_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce4f38fd64e2e1944e037097b3af9d5b8645f7fc5856b74cba00f94a1a60471f_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:f496643a0600a632a3ce216d67634cff9e6174aeb4d113743fd0443a40b535d9_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:3f410cd41ea91e0014d1cf8d7f3decb3bf0e3db5e9aa2612480a76f6797aa3b5_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:47720497b1bb8ee24993260359294eeeafdd888c71ccca6cb12d526e5c3a4a13_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:8abbc8a247ff6de3e5b212e6a2b0203600555e1f3f0c8599aaf19c9cdda59abb_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:a2de7f954c0878842b5e214d809382c7d0428b8d3ed22fa1516e49ec583d7790_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:bbd215d60e43f719ac81025128f30002bb11f1d29fa874f3b8b1ce61a9269628_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:c6cda704d37ed2d233ec225578cb8021429a64d77649c26672c876569a0696b6_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:351d18f13943b57b5599dc4c2af9970a6add2fbf2cd702f64128e156e4e8a991_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:bee9a86adcd6974536fa31d054a880238a720b8bfcd7efc5d656a0ddd5111d06_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:eebc6514999806d2726fea70bd7f4979dd71a7b2f2aa220ead6b5a838a0ffbdf_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:7b59f76549db37ee09757d79692c52abf1c01baea84fbc98ce5aabc530232f45_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:a4b7ddd16863e41a6642fc52c566d94069732afafdcbd761385be1e4e04c8521_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:bc137efedf8eaf278f508b7f652e7db96f3dcfbb1b685e5a9359680c77b1838a_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:4ffd0acfd05fa5cab68372121f34901adcef3f94d9c38beee8559f9ad8a0fd5a_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:8c3838d96559d417f8986703803843e77732d399d911097488a554b037e2e446_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:99e0a7f2861823dbd94ed53294a255aab2f710cc0c932dca84ae0681494e029b_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:0f35f2a716c4a04873d6dfad61f0d8fc262f2190609cd1cc5578da48cd9d0f4d_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:19821b7b74ed96b78f3322c1b770053c532c27b11b66978731ab4aa257991e81_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:8918686da37dad102867ad55788b2b0f7d750cf137b76a4ca51e244367de6375_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2126276"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the async package. This flaw allows a malicious user to obtain privileges via the mapValues() method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "async: Prototype Pollution in async",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:2371e4effbf6a4846599729701de09a5613a2df29fee9858b0526470d63a5eb7_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:a2e263be450ab7c304d5b9a79d13e8f65a2b82d259034fc34b8f69cfa8029601_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:f5d874b252b5fa89e85db384b81096cd84fbfafc593532bb6ea0175f680115c7_ppc64le"
],
"known_not_affected": [
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce1247898969a1865d5d7eb865f659131d6dc58e78aecfc31c59615dc21dd48e_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce4f38fd64e2e1944e037097b3af9d5b8645f7fc5856b74cba00f94a1a60471f_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:f496643a0600a632a3ce216d67634cff9e6174aeb4d113743fd0443a40b535d9_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:3f410cd41ea91e0014d1cf8d7f3decb3bf0e3db5e9aa2612480a76f6797aa3b5_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:47720497b1bb8ee24993260359294eeeafdd888c71ccca6cb12d526e5c3a4a13_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:8abbc8a247ff6de3e5b212e6a2b0203600555e1f3f0c8599aaf19c9cdda59abb_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:a2de7f954c0878842b5e214d809382c7d0428b8d3ed22fa1516e49ec583d7790_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:bbd215d60e43f719ac81025128f30002bb11f1d29fa874f3b8b1ce61a9269628_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:c6cda704d37ed2d233ec225578cb8021429a64d77649c26672c876569a0696b6_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:351d18f13943b57b5599dc4c2af9970a6add2fbf2cd702f64128e156e4e8a991_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:bee9a86adcd6974536fa31d054a880238a720b8bfcd7efc5d656a0ddd5111d06_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:eebc6514999806d2726fea70bd7f4979dd71a7b2f2aa220ead6b5a838a0ffbdf_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:7b59f76549db37ee09757d79692c52abf1c01baea84fbc98ce5aabc530232f45_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:a4b7ddd16863e41a6642fc52c566d94069732afafdcbd761385be1e4e04c8521_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:bc137efedf8eaf278f508b7f652e7db96f3dcfbb1b685e5a9359680c77b1838a_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:4ffd0acfd05fa5cab68372121f34901adcef3f94d9c38beee8559f9ad8a0fd5a_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:8c3838d96559d417f8986703803843e77732d399d911097488a554b037e2e446_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:99e0a7f2861823dbd94ed53294a255aab2f710cc0c932dca84ae0681494e029b_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:0f35f2a716c4a04873d6dfad61f0d8fc262f2190609cd1cc5578da48cd9d0f4d_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:19821b7b74ed96b78f3322c1b770053c532c27b11b66978731ab4aa257991e81_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:8918686da37dad102867ad55788b2b0f7d750cf137b76a4ca51e244367de6375_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-43138"
},
{
"category": "external",
"summary": "RHBZ#2126276",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126276"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-43138",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43138"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43138",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43138"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-fwr7-v2mv-hh25",
"url": "https://github.com/advisories/GHSA-fwr7-v2mv-hh25"
}
],
"release_date": "2022-04-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T20:55:50+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:2371e4effbf6a4846599729701de09a5613a2df29fee9858b0526470d63a5eb7_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:a2e263be450ab7c304d5b9a79d13e8f65a2b82d259034fc34b8f69cfa8029601_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:f5d874b252b5fa89e85db384b81096cd84fbfafc593532bb6ea0175f680115c7_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3645"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce1247898969a1865d5d7eb865f659131d6dc58e78aecfc31c59615dc21dd48e_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce4f38fd64e2e1944e037097b3af9d5b8645f7fc5856b74cba00f94a1a60471f_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:f496643a0600a632a3ce216d67634cff9e6174aeb4d113743fd0443a40b535d9_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:3f410cd41ea91e0014d1cf8d7f3decb3bf0e3db5e9aa2612480a76f6797aa3b5_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:47720497b1bb8ee24993260359294eeeafdd888c71ccca6cb12d526e5c3a4a13_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:8abbc8a247ff6de3e5b212e6a2b0203600555e1f3f0c8599aaf19c9cdda59abb_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:a2de7f954c0878842b5e214d809382c7d0428b8d3ed22fa1516e49ec583d7790_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:bbd215d60e43f719ac81025128f30002bb11f1d29fa874f3b8b1ce61a9269628_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:c6cda704d37ed2d233ec225578cb8021429a64d77649c26672c876569a0696b6_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:351d18f13943b57b5599dc4c2af9970a6add2fbf2cd702f64128e156e4e8a991_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:bee9a86adcd6974536fa31d054a880238a720b8bfcd7efc5d656a0ddd5111d06_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:eebc6514999806d2726fea70bd7f4979dd71a7b2f2aa220ead6b5a838a0ffbdf_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:7b59f76549db37ee09757d79692c52abf1c01baea84fbc98ce5aabc530232f45_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:a4b7ddd16863e41a6642fc52c566d94069732afafdcbd761385be1e4e04c8521_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:bc137efedf8eaf278f508b7f652e7db96f3dcfbb1b685e5a9359680c77b1838a_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:2371e4effbf6a4846599729701de09a5613a2df29fee9858b0526470d63a5eb7_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:a2e263be450ab7c304d5b9a79d13e8f65a2b82d259034fc34b8f69cfa8029601_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:f5d874b252b5fa89e85db384b81096cd84fbfafc593532bb6ea0175f680115c7_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:4ffd0acfd05fa5cab68372121f34901adcef3f94d9c38beee8559f9ad8a0fd5a_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:8c3838d96559d417f8986703803843e77732d399d911097488a554b037e2e446_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:99e0a7f2861823dbd94ed53294a255aab2f710cc0c932dca84ae0681494e029b_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:0f35f2a716c4a04873d6dfad61f0d8fc262f2190609cd1cc5578da48cd9d0f4d_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:19821b7b74ed96b78f3322c1b770053c532c27b11b66978731ab4aa257991e81_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:8918686da37dad102867ad55788b2b0f7d750cf137b76a4ca51e244367de6375_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "async: Prototype Pollution in async"
},
{
"cve": "CVE-2022-24999",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2022-12-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce1247898969a1865d5d7eb865f659131d6dc58e78aecfc31c59615dc21dd48e_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce4f38fd64e2e1944e037097b3af9d5b8645f7fc5856b74cba00f94a1a60471f_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:f496643a0600a632a3ce216d67634cff9e6174aeb4d113743fd0443a40b535d9_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:3f410cd41ea91e0014d1cf8d7f3decb3bf0e3db5e9aa2612480a76f6797aa3b5_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:47720497b1bb8ee24993260359294eeeafdd888c71ccca6cb12d526e5c3a4a13_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:8abbc8a247ff6de3e5b212e6a2b0203600555e1f3f0c8599aaf19c9cdda59abb_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:a2de7f954c0878842b5e214d809382c7d0428b8d3ed22fa1516e49ec583d7790_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:bbd215d60e43f719ac81025128f30002bb11f1d29fa874f3b8b1ce61a9269628_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:c6cda704d37ed2d233ec225578cb8021429a64d77649c26672c876569a0696b6_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:351d18f13943b57b5599dc4c2af9970a6add2fbf2cd702f64128e156e4e8a991_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:bee9a86adcd6974536fa31d054a880238a720b8bfcd7efc5d656a0ddd5111d06_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:eebc6514999806d2726fea70bd7f4979dd71a7b2f2aa220ead6b5a838a0ffbdf_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:7b59f76549db37ee09757d79692c52abf1c01baea84fbc98ce5aabc530232f45_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:a4b7ddd16863e41a6642fc52c566d94069732afafdcbd761385be1e4e04c8521_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:bc137efedf8eaf278f508b7f652e7db96f3dcfbb1b685e5a9359680c77b1838a_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:4ffd0acfd05fa5cab68372121f34901adcef3f94d9c38beee8559f9ad8a0fd5a_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:8c3838d96559d417f8986703803843e77732d399d911097488a554b037e2e446_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:99e0a7f2861823dbd94ed53294a255aab2f710cc0c932dca84ae0681494e029b_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:0f35f2a716c4a04873d6dfad61f0d8fc262f2190609cd1cc5578da48cd9d0f4d_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:19821b7b74ed96b78f3322c1b770053c532c27b11b66978731ab4aa257991e81_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:8918686da37dad102867ad55788b2b0f7d750cf137b76a4ca51e244367de6375_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2150323"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the express.js npm package of nodejs:14 module stream. Express.js Express is vulnerable to a denial of service caused by a prototype pollution flaw in qs. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, a remote attacker can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "express: \"qs\" prototype poisoning causes the hang of the node process",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "- The qs and express Package is not used by the OpenShift Container Platform console directly and is only a third-party package dependency. Hence, it is marked as wontfix. \nAs a result, any services that depend on Openshift for their use of qs and express are marked won\u0027t fix. \n- In OpenShift Service Mesh, \u0027qs\u0027 is hoisted from storybook and node-sass, both are dev dependencies, and the vulnerability is not exposed to end users. Hence marked as wontfix.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:2371e4effbf6a4846599729701de09a5613a2df29fee9858b0526470d63a5eb7_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:a2e263be450ab7c304d5b9a79d13e8f65a2b82d259034fc34b8f69cfa8029601_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:f5d874b252b5fa89e85db384b81096cd84fbfafc593532bb6ea0175f680115c7_ppc64le"
],
"known_not_affected": [
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce1247898969a1865d5d7eb865f659131d6dc58e78aecfc31c59615dc21dd48e_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce4f38fd64e2e1944e037097b3af9d5b8645f7fc5856b74cba00f94a1a60471f_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:f496643a0600a632a3ce216d67634cff9e6174aeb4d113743fd0443a40b535d9_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:3f410cd41ea91e0014d1cf8d7f3decb3bf0e3db5e9aa2612480a76f6797aa3b5_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:47720497b1bb8ee24993260359294eeeafdd888c71ccca6cb12d526e5c3a4a13_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:8abbc8a247ff6de3e5b212e6a2b0203600555e1f3f0c8599aaf19c9cdda59abb_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:a2de7f954c0878842b5e214d809382c7d0428b8d3ed22fa1516e49ec583d7790_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:bbd215d60e43f719ac81025128f30002bb11f1d29fa874f3b8b1ce61a9269628_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:c6cda704d37ed2d233ec225578cb8021429a64d77649c26672c876569a0696b6_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:351d18f13943b57b5599dc4c2af9970a6add2fbf2cd702f64128e156e4e8a991_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:bee9a86adcd6974536fa31d054a880238a720b8bfcd7efc5d656a0ddd5111d06_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:eebc6514999806d2726fea70bd7f4979dd71a7b2f2aa220ead6b5a838a0ffbdf_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:7b59f76549db37ee09757d79692c52abf1c01baea84fbc98ce5aabc530232f45_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:a4b7ddd16863e41a6642fc52c566d94069732afafdcbd761385be1e4e04c8521_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:bc137efedf8eaf278f508b7f652e7db96f3dcfbb1b685e5a9359680c77b1838a_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:4ffd0acfd05fa5cab68372121f34901adcef3f94d9c38beee8559f9ad8a0fd5a_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:8c3838d96559d417f8986703803843e77732d399d911097488a554b037e2e446_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:99e0a7f2861823dbd94ed53294a255aab2f710cc0c932dca84ae0681494e029b_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:0f35f2a716c4a04873d6dfad61f0d8fc262f2190609cd1cc5578da48cd9d0f4d_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:19821b7b74ed96b78f3322c1b770053c532c27b11b66978731ab4aa257991e81_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:8918686da37dad102867ad55788b2b0f7d750cf137b76a4ca51e244367de6375_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24999"
},
{
"category": "external",
"summary": "RHBZ#2150323",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150323"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24999",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24999"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24999",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24999"
},
{
"category": "external",
"summary": "https://github.com/expressjs/express/releases/tag/4.17.3",
"url": "https://github.com/expressjs/express/releases/tag/4.17.3"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/pull/428",
"url": "https://github.com/ljharb/qs/pull/428"
},
{
"category": "external",
"summary": "https://github.com/n8tz/CVE-2022-24999",
"url": "https://github.com/n8tz/CVE-2022-24999"
}
],
"release_date": "2022-11-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T20:55:50+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:2371e4effbf6a4846599729701de09a5613a2df29fee9858b0526470d63a5eb7_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:a2e263be450ab7c304d5b9a79d13e8f65a2b82d259034fc34b8f69cfa8029601_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:f5d874b252b5fa89e85db384b81096cd84fbfafc593532bb6ea0175f680115c7_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3645"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce1247898969a1865d5d7eb865f659131d6dc58e78aecfc31c59615dc21dd48e_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce4f38fd64e2e1944e037097b3af9d5b8645f7fc5856b74cba00f94a1a60471f_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:f496643a0600a632a3ce216d67634cff9e6174aeb4d113743fd0443a40b535d9_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:3f410cd41ea91e0014d1cf8d7f3decb3bf0e3db5e9aa2612480a76f6797aa3b5_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:47720497b1bb8ee24993260359294eeeafdd888c71ccca6cb12d526e5c3a4a13_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:8abbc8a247ff6de3e5b212e6a2b0203600555e1f3f0c8599aaf19c9cdda59abb_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:a2de7f954c0878842b5e214d809382c7d0428b8d3ed22fa1516e49ec583d7790_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:bbd215d60e43f719ac81025128f30002bb11f1d29fa874f3b8b1ce61a9269628_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:c6cda704d37ed2d233ec225578cb8021429a64d77649c26672c876569a0696b6_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:351d18f13943b57b5599dc4c2af9970a6add2fbf2cd702f64128e156e4e8a991_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:bee9a86adcd6974536fa31d054a880238a720b8bfcd7efc5d656a0ddd5111d06_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:eebc6514999806d2726fea70bd7f4979dd71a7b2f2aa220ead6b5a838a0ffbdf_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:7b59f76549db37ee09757d79692c52abf1c01baea84fbc98ce5aabc530232f45_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:a4b7ddd16863e41a6642fc52c566d94069732afafdcbd761385be1e4e04c8521_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:bc137efedf8eaf278f508b7f652e7db96f3dcfbb1b685e5a9359680c77b1838a_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:2371e4effbf6a4846599729701de09a5613a2df29fee9858b0526470d63a5eb7_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:a2e263be450ab7c304d5b9a79d13e8f65a2b82d259034fc34b8f69cfa8029601_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:f5d874b252b5fa89e85db384b81096cd84fbfafc593532bb6ea0175f680115c7_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:4ffd0acfd05fa5cab68372121f34901adcef3f94d9c38beee8559f9ad8a0fd5a_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:8c3838d96559d417f8986703803843e77732d399d911097488a554b037e2e446_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:99e0a7f2861823dbd94ed53294a255aab2f710cc0c932dca84ae0681494e029b_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:0f35f2a716c4a04873d6dfad61f0d8fc262f2190609cd1cc5578da48cd9d0f4d_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:19821b7b74ed96b78f3322c1b770053c532c27b11b66978731ab4aa257991e81_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:8918686da37dad102867ad55788b2b0f7d750cf137b76a4ca51e244367de6375_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "express: \"qs\" prototype poisoning causes the hang of the node process"
},
{
"cve": "CVE-2022-25858",
"discovery_date": "2022-09-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce1247898969a1865d5d7eb865f659131d6dc58e78aecfc31c59615dc21dd48e_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce4f38fd64e2e1944e037097b3af9d5b8645f7fc5856b74cba00f94a1a60471f_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:f496643a0600a632a3ce216d67634cff9e6174aeb4d113743fd0443a40b535d9_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:3f410cd41ea91e0014d1cf8d7f3decb3bf0e3db5e9aa2612480a76f6797aa3b5_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:47720497b1bb8ee24993260359294eeeafdd888c71ccca6cb12d526e5c3a4a13_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:8abbc8a247ff6de3e5b212e6a2b0203600555e1f3f0c8599aaf19c9cdda59abb_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:a2de7f954c0878842b5e214d809382c7d0428b8d3ed22fa1516e49ec583d7790_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:bbd215d60e43f719ac81025128f30002bb11f1d29fa874f3b8b1ce61a9269628_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:c6cda704d37ed2d233ec225578cb8021429a64d77649c26672c876569a0696b6_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:351d18f13943b57b5599dc4c2af9970a6add2fbf2cd702f64128e156e4e8a991_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:bee9a86adcd6974536fa31d054a880238a720b8bfcd7efc5d656a0ddd5111d06_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:eebc6514999806d2726fea70bd7f4979dd71a7b2f2aa220ead6b5a838a0ffbdf_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:7b59f76549db37ee09757d79692c52abf1c01baea84fbc98ce5aabc530232f45_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:a4b7ddd16863e41a6642fc52c566d94069732afafdcbd761385be1e4e04c8521_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:bc137efedf8eaf278f508b7f652e7db96f3dcfbb1b685e5a9359680c77b1838a_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:4ffd0acfd05fa5cab68372121f34901adcef3f94d9c38beee8559f9ad8a0fd5a_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:8c3838d96559d417f8986703803843e77732d399d911097488a554b037e2e446_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:99e0a7f2861823dbd94ed53294a255aab2f710cc0c932dca84ae0681494e029b_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:0f35f2a716c4a04873d6dfad61f0d8fc262f2190609cd1cc5578da48cd9d0f4d_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:19821b7b74ed96b78f3322c1b770053c532c27b11b66978731ab4aa257991e81_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:8918686da37dad102867ad55788b2b0f7d750cf137b76a4ca51e244367de6375_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2126277"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the terser package. Affected versions of this package are vulnerable to Regular expression denial of service (ReDoS) attacks, affecting system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "terser: insecure use of regular expressions leads to ReDoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For the OpenShift Do (odo) product, terser is shipped only for use in static page generators for upstream; thus this represents no security risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:2371e4effbf6a4846599729701de09a5613a2df29fee9858b0526470d63a5eb7_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:a2e263be450ab7c304d5b9a79d13e8f65a2b82d259034fc34b8f69cfa8029601_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:f5d874b252b5fa89e85db384b81096cd84fbfafc593532bb6ea0175f680115c7_ppc64le"
],
"known_not_affected": [
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce1247898969a1865d5d7eb865f659131d6dc58e78aecfc31c59615dc21dd48e_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce4f38fd64e2e1944e037097b3af9d5b8645f7fc5856b74cba00f94a1a60471f_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:f496643a0600a632a3ce216d67634cff9e6174aeb4d113743fd0443a40b535d9_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:3f410cd41ea91e0014d1cf8d7f3decb3bf0e3db5e9aa2612480a76f6797aa3b5_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:47720497b1bb8ee24993260359294eeeafdd888c71ccca6cb12d526e5c3a4a13_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:8abbc8a247ff6de3e5b212e6a2b0203600555e1f3f0c8599aaf19c9cdda59abb_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:a2de7f954c0878842b5e214d809382c7d0428b8d3ed22fa1516e49ec583d7790_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:bbd215d60e43f719ac81025128f30002bb11f1d29fa874f3b8b1ce61a9269628_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:c6cda704d37ed2d233ec225578cb8021429a64d77649c26672c876569a0696b6_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:351d18f13943b57b5599dc4c2af9970a6add2fbf2cd702f64128e156e4e8a991_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:bee9a86adcd6974536fa31d054a880238a720b8bfcd7efc5d656a0ddd5111d06_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:eebc6514999806d2726fea70bd7f4979dd71a7b2f2aa220ead6b5a838a0ffbdf_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:7b59f76549db37ee09757d79692c52abf1c01baea84fbc98ce5aabc530232f45_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:a4b7ddd16863e41a6642fc52c566d94069732afafdcbd761385be1e4e04c8521_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:bc137efedf8eaf278f508b7f652e7db96f3dcfbb1b685e5a9359680c77b1838a_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:4ffd0acfd05fa5cab68372121f34901adcef3f94d9c38beee8559f9ad8a0fd5a_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:8c3838d96559d417f8986703803843e77732d399d911097488a554b037e2e446_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:99e0a7f2861823dbd94ed53294a255aab2f710cc0c932dca84ae0681494e029b_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:0f35f2a716c4a04873d6dfad61f0d8fc262f2190609cd1cc5578da48cd9d0f4d_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:19821b7b74ed96b78f3322c1b770053c532c27b11b66978731ab4aa257991e81_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:8918686da37dad102867ad55788b2b0f7d750cf137b76a4ca51e244367de6375_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25858"
},
{
"category": "external",
"summary": "RHBZ#2126277",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126277"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25858",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25858"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25858",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25858"
}
],
"release_date": "2022-07-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T20:55:50+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:2371e4effbf6a4846599729701de09a5613a2df29fee9858b0526470d63a5eb7_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:a2e263be450ab7c304d5b9a79d13e8f65a2b82d259034fc34b8f69cfa8029601_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:f5d874b252b5fa89e85db384b81096cd84fbfafc593532bb6ea0175f680115c7_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3645"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce1247898969a1865d5d7eb865f659131d6dc58e78aecfc31c59615dc21dd48e_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce4f38fd64e2e1944e037097b3af9d5b8645f7fc5856b74cba00f94a1a60471f_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:f496643a0600a632a3ce216d67634cff9e6174aeb4d113743fd0443a40b535d9_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:3f410cd41ea91e0014d1cf8d7f3decb3bf0e3db5e9aa2612480a76f6797aa3b5_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:47720497b1bb8ee24993260359294eeeafdd888c71ccca6cb12d526e5c3a4a13_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:8abbc8a247ff6de3e5b212e6a2b0203600555e1f3f0c8599aaf19c9cdda59abb_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:a2de7f954c0878842b5e214d809382c7d0428b8d3ed22fa1516e49ec583d7790_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:bbd215d60e43f719ac81025128f30002bb11f1d29fa874f3b8b1ce61a9269628_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:c6cda704d37ed2d233ec225578cb8021429a64d77649c26672c876569a0696b6_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:351d18f13943b57b5599dc4c2af9970a6add2fbf2cd702f64128e156e4e8a991_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:bee9a86adcd6974536fa31d054a880238a720b8bfcd7efc5d656a0ddd5111d06_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:eebc6514999806d2726fea70bd7f4979dd71a7b2f2aa220ead6b5a838a0ffbdf_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:7b59f76549db37ee09757d79692c52abf1c01baea84fbc98ce5aabc530232f45_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:a4b7ddd16863e41a6642fc52c566d94069732afafdcbd761385be1e4e04c8521_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:bc137efedf8eaf278f508b7f652e7db96f3dcfbb1b685e5a9359680c77b1838a_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:2371e4effbf6a4846599729701de09a5613a2df29fee9858b0526470d63a5eb7_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:a2e263be450ab7c304d5b9a79d13e8f65a2b82d259034fc34b8f69cfa8029601_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:f5d874b252b5fa89e85db384b81096cd84fbfafc593532bb6ea0175f680115c7_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:4ffd0acfd05fa5cab68372121f34901adcef3f94d9c38beee8559f9ad8a0fd5a_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:8c3838d96559d417f8986703803843e77732d399d911097488a554b037e2e446_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:99e0a7f2861823dbd94ed53294a255aab2f710cc0c932dca84ae0681494e029b_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:0f35f2a716c4a04873d6dfad61f0d8fc262f2190609cd1cc5578da48cd9d0f4d_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:19821b7b74ed96b78f3322c1b770053c532c27b11b66978731ab4aa257991e81_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:8918686da37dad102867ad55788b2b0f7d750cf137b76a4ca51e244367de6375_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "terser: insecure use of regular expressions leads to ReDoS"
}
]
}
SUSE-RU-2024:0511-1
Vulnerability from csaf_suse - Published: 2024-02-15 13:42 - Updated: 2024-02-15 13:42

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Recommended update for grafana",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for grafana fixes the following issues:\n\n- Fixed changelog entries for the Bugzilla trackers related to previously implemented security fixes \n (no source code changes)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-511,SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-511,openSUSE-SLE-15.5-2024-511",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-ru-2024_0511-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-RU-2024:0511-1",
"url": "https://www.suse.com/support/update/announcement//suse-ru-20240511-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-RU-2024:0511-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-February/034231.html"
},
{
"category": "self",
"summary": "SUSE Bug 1192154",
"url": "https://bugzilla.suse.com/1192154"
},
{
"category": "self",
"summary": "SUSE Bug 1192696",
"url": "https://bugzilla.suse.com/1192696"
},
{
"category": "self",
"summary": "SUSE Bug 1200480",
"url": "https://bugzilla.suse.com/1200480"
},
{
"category": "self",
"summary": "SUSE Bug 1218843",
"url": "https://bugzilla.suse.com/1218843"
},
{
"category": "self",
"summary": "SUSE Bug 1218844",
"url": "https://bugzilla.suse.com/1218844"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-7753 page",
"url": "https://www.suse.com/security/cve/CVE-2020-7753/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3807 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3807/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3918 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3918/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-43138 page",
"url": "https://www.suse.com/security/cve/CVE-2021-43138/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0155 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0155/"
}
],
"title": "Recommended update for grafana",
"tracking": {
"current_release_date": "2024-02-15T13:42:44Z",
"generator": {
"date": "2024-02-15T13:42:44Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-RU-2024:0511-1",
"initial_release_date": "2024-02-15T13:42:44Z",
"revision_history": [
{
"date": "2024-02-15T13:42:44Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "grafana-9.5.8-150200.3.53.2.aarch64",
"product": {
"name": "grafana-9.5.8-150200.3.53.2.aarch64",
"product_id": "grafana-9.5.8-150200.3.53.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-9.5.8-150200.3.53.2.i586",
"product": {
"name": "grafana-9.5.8-150200.3.53.2.i586",
"product_id": "grafana-9.5.8-150200.3.53.2.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-9.5.8-150200.3.53.2.ppc64le",
"product": {
"name": "grafana-9.5.8-150200.3.53.2.ppc64le",
"product_id": "grafana-9.5.8-150200.3.53.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-9.5.8-150200.3.53.2.s390x",
"product": {
"name": "grafana-9.5.8-150200.3.53.2.s390x",
"product_id": "grafana-9.5.8-150200.3.53.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-9.5.8-150200.3.53.2.x86_64",
"product": {
"name": "grafana-9.5.8-150200.3.53.2.x86_64",
"product_id": "grafana-9.5.8-150200.3.53.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:15:sp5"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-9.5.8-150200.3.53.2.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.aarch64"
},
"product_reference": "grafana-9.5.8-150200.3.53.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-9.5.8-150200.3.53.2.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.ppc64le"
},
"product_reference": "grafana-9.5.8-150200.3.53.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-9.5.8-150200.3.53.2.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.s390x"
},
"product_reference": "grafana-9.5.8-150200.3.53.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-9.5.8-150200.3.53.2.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.x86_64"
},
"product_reference": "grafana-9.5.8-150200.3.53.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-9.5.8-150200.3.53.2.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.aarch64"
},
"product_reference": "grafana-9.5.8-150200.3.53.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-9.5.8-150200.3.53.2.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.ppc64le"
},
"product_reference": "grafana-9.5.8-150200.3.53.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-9.5.8-150200.3.53.2.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.s390x"
},
"product_reference": "grafana-9.5.8-150200.3.53.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-9.5.8-150200.3.53.2.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.x86_64"
},
"product_reference": "grafana-9.5.8-150200.3.53.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-7753",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-7753"
}
],
"notes": [
{
"category": "general",
"text": "All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.x86_64",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.aarch64",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.s390x",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-7753",
"url": "https://www.suse.com/security/cve/CVE-2020-7753"
},
{
"category": "external",
"summary": "SUSE Bug 1218843 for CVE-2020-7753",
"url": "https://bugzilla.suse.com/1218843"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.x86_64",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.aarch64",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.s390x",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.x86_64",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.aarch64",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.s390x",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-02-15T13:42:44Z",
"details": "important"
}
],
"title": "CVE-2020-7753"
},
{
"cve": "CVE-2021-3807",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3807"
}
],
"notes": [
{
"category": "general",
"text": "ansi-regex is vulnerable to Inefficient Regular Expression Complexity",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.x86_64",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.aarch64",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.s390x",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3807",
"url": "https://www.suse.com/security/cve/CVE-2021-3807"
},
{
"category": "external",
"summary": "SUSE Bug 1192154 for CVE-2021-3807",
"url": "https://bugzilla.suse.com/1192154"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.x86_64",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.aarch64",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.s390x",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.x86_64",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.aarch64",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.s390x",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-02-15T13:42:44Z",
"details": "important"
}
],
"title": "CVE-2021-3807"
},
{
"cve": "CVE-2021-3918",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3918"
}
],
"notes": [
{
"category": "general",
"text": "json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.x86_64",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.aarch64",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.s390x",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3918",
"url": "https://www.suse.com/security/cve/CVE-2021-3918"
},
{
"category": "external",
"summary": "SUSE Bug 1192696 for CVE-2021-3918",
"url": "https://bugzilla.suse.com/1192696"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.x86_64",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.aarch64",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.s390x",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.x86_64",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.aarch64",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.s390x",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-02-15T13:42:44Z",
"details": "important"
}
],
"title": "CVE-2021-3918"
},
{
"cve": "CVE-2021-43138",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-43138"
}
],
"notes": [
{
"category": "general",
"text": "In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.x86_64",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.aarch64",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.s390x",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-43138",
"url": "https://www.suse.com/security/cve/CVE-2021-43138"
},
{
"category": "external",
"summary": "SUSE Bug 1200480 for CVE-2021-43138",
"url": "https://bugzilla.suse.com/1200480"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.x86_64",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.aarch64",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.s390x",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.x86_64",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.aarch64",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.s390x",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-02-15T13:42:44Z",
"details": "important"
}
],
"title": "CVE-2021-43138"
},
{
"cve": "CVE-2022-0155",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0155"
}
],
"notes": [
{
"category": "general",
"text": "follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.x86_64",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.aarch64",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.s390x",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0155",
"url": "https://www.suse.com/security/cve/CVE-2022-0155"
},
{
"category": "external",
"summary": "SUSE Bug 1218844 for CVE-2022-0155",
"url": "https://bugzilla.suse.com/1218844"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.x86_64",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.aarch64",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.s390x",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.8-150200.3.53.2.x86_64",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.aarch64",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.s390x",
"openSUSE Leap 15.5:grafana-9.5.8-150200.3.53.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-02-15T13:42:44Z",
"details": "moderate"
}
],
"title": "CVE-2022-0155"
}
]
}
SUSE-SU-2022:3313-1
Vulnerability from csaf_suse - Published: 2022-09-19 15:37 - Updated: 2022-09-19 15:37

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for release-notes-susemanager, release-notes-susemanager-proxy",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for release-notes-susemanager, release-notes-susemanager-proxy fixes the following issues:\n\nRelease notes for SUSE Manager:\n\n- Update to SUSE:Manager 4.2.9\n * Notification about SUSE Manager end-of-life has been added\n * CVEs fixed: CVE-2021-43138, CVE-2021-42740, CVE-2022-31129, CVE-2021-41411\n * Bugs mentioned:\n bsc#1172705, bsc#1187028, bsc#1195455, bsc#1195895, bsc#1196729\n bsc#1198168, bsc#1198489, bsc#1198738, bsc#1198903, bsc#1199372\n bsc#1199659, bsc#1199913, bsc#1199950, bsc#1200276, bsc#1200296\n bsc#1200480, bsc#1200532, bsc#1200573, bsc#1200591, bsc#1200629\n bsc#1201142, bsc#1201189, bsc#1201210, bsc#1201220, bsc#1201224\n bsc#1201527, bsc#1201606, bsc#1201607, bsc#1201626, bsc#1201753\n bsc#1201913, bsc#1201918, bsc#1202142, bsc#1202272, bsc#1202464\n bsc#1202728, bsc#1203287, bsc#1203288, bsc#1203449\n\nRelease notes for SUSE Manager Proxy:\n\n- Update to SUSE Manager 4.2.9\n * CVEs fixed: CVE-2021-43138, CVE-2021-42740, CVE-2022-31129\n * Bugs mentioned:\n bsc#1198168, bsc#1198903, bsc#1199659, bsc#1200480, bsc#1200591\n bsc#1201142, bsc#1202142, bsc#1202724\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-3313,SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2022-3313,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2022-3313,SUSE-SLE-Product-SUSE-Manager-Server-4.2-2022-3313",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3313-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:3313-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20223313-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:3313-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012289.html"
},
{
"category": "self",
"summary": "SUSE Bug 1172705",
"url": "https://bugzilla.suse.com/1172705"
},
{
"category": "self",
"summary": "SUSE Bug 1187028",
"url": "https://bugzilla.suse.com/1187028"
},
{
"category": "self",
"summary": "SUSE Bug 1195455",
"url": "https://bugzilla.suse.com/1195455"
},
{
"category": "self",
"summary": "SUSE Bug 1195895",
"url": "https://bugzilla.suse.com/1195895"
},
{
"category": "self",
"summary": "SUSE Bug 1196729",
"url": "https://bugzilla.suse.com/1196729"
},
{
"category": "self",
"summary": "SUSE Bug 1198168",
"url": "https://bugzilla.suse.com/1198168"
},
{
"category": "self",
"summary": "SUSE Bug 1198489",
"url": "https://bugzilla.suse.com/1198489"
},
{
"category": "self",
"summary": "SUSE Bug 1198738",
"url": "https://bugzilla.suse.com/1198738"
},
{
"category": "self",
"summary": "SUSE Bug 1198903",
"url": "https://bugzilla.suse.com/1198903"
},
{
"category": "self",
"summary": "SUSE Bug 1199372",
"url": "https://bugzilla.suse.com/1199372"
},
{
"category": "self",
"summary": "SUSE Bug 1199659",
"url": "https://bugzilla.suse.com/1199659"
},
{
"category": "self",
"summary": "SUSE Bug 1199913",
"url": "https://bugzilla.suse.com/1199913"
},
{
"category": "self",
"summary": "SUSE Bug 1199950",
"url": "https://bugzilla.suse.com/1199950"
},
{
"category": "self",
"summary": "SUSE Bug 1200276",
"url": "https://bugzilla.suse.com/1200276"
},
{
"category": "self",
"summary": "SUSE Bug 1200296",
"url": "https://bugzilla.suse.com/1200296"
},
{
"category": "self",
"summary": "SUSE Bug 1200480",
"url": "https://bugzilla.suse.com/1200480"
},
{
"category": "self",
"summary": "SUSE Bug 1200532",
"url": "https://bugzilla.suse.com/1200532"
},
{
"category": "self",
"summary": "SUSE Bug 1200573",
"url": "https://bugzilla.suse.com/1200573"
},
{
"category": "self",
"summary": "SUSE Bug 1200591",
"url": "https://bugzilla.suse.com/1200591"
},
{
"category": "self",
"summary": "SUSE Bug 1200629",
"url": "https://bugzilla.suse.com/1200629"
},
{
"category": "self",
"summary": "SUSE Bug 1201142",
"url": "https://bugzilla.suse.com/1201142"
},
{
"category": "self",
"summary": "SUSE Bug 1201189",
"url": "https://bugzilla.suse.com/1201189"
},
{
"category": "self",
"summary": "SUSE Bug 1201210",
"url": "https://bugzilla.suse.com/1201210"
},
{
"category": "self",
"summary": "SUSE Bug 1201220",
"url": "https://bugzilla.suse.com/1201220"
},
{
"category": "self",
"summary": "SUSE Bug 1201224",
"url": "https://bugzilla.suse.com/1201224"
},
{
"category": "self",
"summary": "SUSE Bug 1201527",
"url": "https://bugzilla.suse.com/1201527"
},
{
"category": "self",
"summary": "SUSE Bug 1201606",
"url": "https://bugzilla.suse.com/1201606"
},
{
"category": "self",
"summary": "SUSE Bug 1201607",
"url": "https://bugzilla.suse.com/1201607"
},
{
"category": "self",
"summary": "SUSE Bug 1201626",
"url": "https://bugzilla.suse.com/1201626"
},
{
"category": "self",
"summary": "SUSE Bug 1201753",
"url": "https://bugzilla.suse.com/1201753"
},
{
"category": "self",
"summary": "SUSE Bug 1201913",
"url": "https://bugzilla.suse.com/1201913"
},
{
"category": "self",
"summary": "SUSE Bug 1201918",
"url": "https://bugzilla.suse.com/1201918"
},
{
"category": "self",
"summary": "SUSE Bug 1202142",
"url": "https://bugzilla.suse.com/1202142"
},
{
"category": "self",
"summary": "SUSE Bug 1202272",
"url": "https://bugzilla.suse.com/1202272"
},
{
"category": "self",
"summary": "SUSE Bug 1202464",
"url": "https://bugzilla.suse.com/1202464"
},
{
"category": "self",
"summary": "SUSE Bug 1202724",
"url": "https://bugzilla.suse.com/1202724"
},
{
"category": "self",
"summary": "SUSE Bug 1202728",
"url": "https://bugzilla.suse.com/1202728"
},
{
"category": "self",
"summary": "SUSE Bug 1203287",
"url": "https://bugzilla.suse.com/1203287"
},
{
"category": "self",
"summary": "SUSE Bug 1203288",
"url": "https://bugzilla.suse.com/1203288"
},
{
"category": "self",
"summary": "SUSE Bug 1203449",
"url": "https://bugzilla.suse.com/1203449"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-41411 page",
"url": "https://www.suse.com/security/cve/CVE-2021-41411/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-42740 page",
"url": "https://www.suse.com/security/cve/CVE-2021-42740/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-43138 page",
"url": "https://www.suse.com/security/cve/CVE-2021-43138/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-31129 page",
"url": "https://www.suse.com/security/cve/CVE-2022-31129/"
}
],
"title": "Security update for release-notes-susemanager, release-notes-susemanager-proxy",
"tracking": {
"current_release_date": "2022-09-19T15:37:27Z",
"generator": {
"date": "2022-09-19T15:37:27Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:3313-1",
"initial_release_date": "2022-09-19T15:37:27Z",
"revision_history": [
{
"date": "2022-09-19T15:37:27Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "release-notes-susemanager-4.2.9-150300.3.54.1.aarch64",
"product": {
"name": "release-notes-susemanager-4.2.9-150300.3.54.1.aarch64",
"product_id": "release-notes-susemanager-4.2.9-150300.3.54.1.aarch64"
}
},
{
"category": "product_version",
"name": "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.aarch64",
"product": {
"name": "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.aarch64",
"product_id": "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "release-notes-susemanager-4.2.9-150300.3.54.1.i586",
"product": {
"name": "release-notes-susemanager-4.2.9-150300.3.54.1.i586",
"product_id": "release-notes-susemanager-4.2.9-150300.3.54.1.i586"
}
},
{
"category": "product_version",
"name": "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.i586",
"product": {
"name": "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.i586",
"product_id": "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le",
"product": {
"name": "release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le",
"product_id": "release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le"
}
},
{
"category": "product_version",
"name": "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.ppc64le",
"product": {
"name": "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.ppc64le",
"product_id": "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "release-notes-susemanager-4.2.9-150300.3.54.1.s390x",
"product": {
"name": "release-notes-susemanager-4.2.9-150300.3.54.1.s390x",
"product_id": "release-notes-susemanager-4.2.9-150300.3.54.1.s390x"
}
},
{
"category": "product_version",
"name": "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.s390x",
"product": {
"name": "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.s390x",
"product_id": "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "release-notes-susemanager-4.2.9-150300.3.54.1.x86_64",
"product": {
"name": "release-notes-susemanager-4.2.9-150300.3.54.1.x86_64",
"product_id": "release-notes-susemanager-4.2.9-150300.3.54.1.x86_64"
}
},
{
"category": "product_version",
"name": "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
"product": {
"name": "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
"product_id": "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Manager Proxy 4.2",
"product": {
"name": "SUSE Manager Proxy 4.2",
"product_id": "SUSE Manager Proxy 4.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:4.2"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Retail Branch Server 4.2",
"product": {
"name": "SUSE Manager Retail Branch Server 4.2",
"product_id": "SUSE Manager Retail Branch Server 4.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-retail-branch-server:4.2"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.2",
"product": {
"name": "SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64 as component of SUSE Manager Proxy 4.2",
"product_id": "SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64"
},
"product_reference": "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64 as component of SUSE Manager Retail Branch Server 4.2",
"product_id": "SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64"
},
"product_reference": "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le as component of SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le"
},
"product_reference": "release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "release-notes-susemanager-4.2.9-150300.3.54.1.s390x as component of SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.s390x"
},
"product_reference": "release-notes-susemanager-4.2.9-150300.3.54.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "release-notes-susemanager-4.2.9-150300.3.54.1.x86_64 as component of SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.x86_64"
},
"product_reference": "release-notes-susemanager-4.2.9-150300.3.54.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-41411",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-41411"
}
],
"notes": [
{
"category": "general",
"text": "drools \u003c=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
"SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.s390x",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-41411",
"url": "https://www.suse.com/security/cve/CVE-2021-41411"
},
{
"category": "external",
"summary": "SUSE Bug 1200629 for CVE-2021-41411",
"url": "https://bugzilla.suse.com/1200629"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
"SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.s390x",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
"SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.s390x",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-19T15:37:27Z",
"details": "important"
}
],
"title": "CVE-2021-41411"
},
{
"cve": "CVE-2021-42740",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-42740"
}
],
"notes": [
{
"category": "general",
"text": "The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec(), an attacker can inject arbitrary commands. This is because the Windows drive letter regex character class is [A-z] instead of the correct [A-Za-z]. Several shell metacharacters exist in the space between capital letter Z and lower case letter a, such as the backtick character.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
"SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.s390x",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-42740",
"url": "https://www.suse.com/security/cve/CVE-2021-42740"
},
{
"category": "external",
"summary": "SUSE Bug 1203287 for CVE-2021-42740",
"url": "https://bugzilla.suse.com/1203287"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
"SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.s390x",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
"SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.s390x",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-19T15:37:27Z",
"details": "critical"
}
],
"title": "CVE-2021-42740"
},
{
"cve": "CVE-2021-43138",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-43138"
}
],
"notes": [
{
"category": "general",
"text": "In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
"SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.s390x",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-43138",
"url": "https://www.suse.com/security/cve/CVE-2021-43138"
},
{
"category": "external",
"summary": "SUSE Bug 1200480 for CVE-2021-43138",
"url": "https://bugzilla.suse.com/1200480"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
"SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.s390x",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
"SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.s390x",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-19T15:37:27Z",
"details": "important"
}
],
"title": "CVE-2021-43138"
},
{
"cve": "CVE-2022-31129",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-31129"
}
],
"notes": [
{
"category": "general",
"text": "moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may notice a slowdown with inputs above 10k characters. Users who pass user-provided strings without sanity length checks to moment constructor are vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4, the patch can be applied to all affected versions with minimal tweaking. Users are advised to upgrade. Users unable to upgrade should consider limiting date lengths accepted from user input.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
"SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.s390x",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-31129",
"url": "https://www.suse.com/security/cve/CVE-2022-31129"
},
{
"category": "external",
"summary": "SUSE Bug 1203288 for CVE-2022-31129",
"url": "https://bugzilla.suse.com/1203288"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
"SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.s390x",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
"SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.s390x",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-19T15:37:27Z",
"details": "important"
}
],
"title": "CVE-2022-31129"
}
]
}
SUSE-SU-2022:3314-1
Vulnerability from csaf_suse - Published: 2022-09-19 15:38 - Updated: 2022-09-19 15:38

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Proxy Module 4.2:mgr-daemon-4.2.10-150300.2.9.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:patterns-suma_proxy-4.2-150300.4.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.20-150300.4.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.20-150300.4.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.20-150300.4.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.6.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.23.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:salt-netapi-client-0.20.0-150300.3.9.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-admin-4.2.12-150300.3.15.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-base-4.2.29-150300.3.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-html-4.2.29-150300.3.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-4.2.41-150300.3.43.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.41-150300.3.43.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.41-150300.3.43.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-search-4.2.8-150300.3.12.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:subscription-matcher-0.29-150300.6.12.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.33.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.33.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-schema-4.2.24-150300.3.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-sls-4.2.27-150300.3.33.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.27-150300.3.33.4.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Proxy Module 4.2:mgr-daemon-4.2.10-150300.2.9.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:patterns-suma_proxy-4.2-150300.4.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.20-150300.4.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.20-150300.4.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.20-150300.4.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.6.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.23.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:salt-netapi-client-0.20.0-150300.3.9.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-admin-4.2.12-150300.3.15.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-base-4.2.29-150300.3.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-html-4.2.29-150300.3.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-4.2.41-150300.3.43.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.41-150300.3.43.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.41-150300.3.43.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-search-4.2.8-150300.3.12.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:subscription-matcher-0.29-150300.6.12.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.33.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.33.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-schema-4.2.24-150300.3.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-sls-4.2.27-150300.3.33.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.27-150300.3.33.4.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Proxy Module 4.2:mgr-daemon-4.2.10-150300.2.9.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:patterns-suma_proxy-4.2-150300.4.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.20-150300.4.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.20-150300.4.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.20-150300.4.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.6.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.23.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:salt-netapi-client-0.20.0-150300.3.9.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-admin-4.2.12-150300.3.15.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-base-4.2.29-150300.3.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-html-4.2.29-150300.3.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-4.2.41-150300.3.43.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.41-150300.3.43.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.41-150300.3.43.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-search-4.2.8-150300.3.12.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:subscription-matcher-0.29-150300.6.12.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.33.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.33.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-schema-4.2.24-150300.3.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-sls-4.2.27-150300.3.33.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.27-150300.3.33.4.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Proxy Module 4.2:mgr-daemon-4.2.10-150300.2.9.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:patterns-suma_proxy-4.2-150300.4.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.20-150300.4.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.20-150300.4.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.20-150300.4.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.2:susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.6.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.23.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:salt-netapi-client-0.20.0-150300.3.9.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-admin-4.2.12-150300.3.15.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-base-4.2.29-150300.3.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-html-4.2.29-150300.3.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-4.2.41-150300.3.43.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.41-150300.3.43.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.41-150300.3.43.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-search-4.2.8-150300.3.12.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:subscription-matcher-0.29-150300.6.12.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.33.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.33.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-schema-4.2.24-150300.3.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-sls-4.2.27-150300.3.33.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.27-150300.3.33.4.noarch | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for SUSE Manager Server 4.2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update fixes the following issues:\n\ndrools:\n\n- CVE-2021-41411: XML External Entity injection in KieModuleModelImpl.java. (bsc#1200629)\n\nhttpcomponents-asyncclient:\n\n- Provide maven metadata needed by other packages to build\n\nimage-sync-formula:\n\n- Update to version 0.1.1661440526.b08d95b\n * Add option to sort boot images by version (bsc#1196729)\n\ninter-server-sync:\n\n- Version 0.2.3\n * Compress exported sql data #16631\n * Add gzip dependency to decompress data file during import process\n\npatterns-suse-manager:\n\n- Strictly require OpenJDK 11 (bsc#1202142) \n\npy27-compat-salt:\n\n- Add support for gpgautoimport in zypperpkg module\n- Fix salt.states.file.managed() for follow_symlinks=True and test=True (bsc#1199372)\n- Add support for name, pkgs and diff_attr parameters to upgrade\n function for zypper and yum (bsc#1198489)\n- Unify logic on using multiple requisites and add onfail_all (bsc#1198738)\n- Normalize package names once with pkg.installed/removed using yum (bsc#1195895)\n\nsalt-netapi-client:\n\n- Declare the LICENSE file as license and not doc\n- Adapted for Enterprise Linux 9.\n- Version 0.20.0\n * See: https://github.com/SUSE/salt-netapi-client/releases/tag/v0.20.0\n\nsaltboot-formula:\n\n- Update to version 0.1.1661440526.b08d95b\n * Fallback to local boot if the configured image is not synced\n * improve image url modifications - preparation for ftp/http changes\n\nspacecmd:\n\n- Version 4.2.19-1\n * Process date values in spacecmd api calls (bsc#1198903)\n * Show correct help on calling kickstart_importjson with no arguments\n * Fix tracebacks on spacecmd kickstart_export (bsc#1200591)\n\nspacewalk-admin:\n\n- Version 4.2.12-1\n * Add --help option to mgr-monitoring-ctl\n\nspacewalk-backend:\n\n- Version 4.2.24-1\n * Make reposync use the configured http proxy with mirrorlist (bsc#1198168)\n * Revert proxy listChannels token caching pr#4548\n * cleanup leftovers from removing unused xmlrpc 
endpoint\n\nspacewalk-certs-tools:\n\n- Version 4.2.18-1\n * traditional stack bootstrap: install product packages (bsc#1201142)\n\nspacewalk-client-tools:\n\n- Version 4.2.20-1\n * Update translation strings\n\nspacewalk-java:\n\n- Version 4.2.41-1\n * Fixed date format on scheduler related messages (bsc#1195455)\n * Support inherited values for kernel options from Cobbler API (bsc#1199913)\n * Add channel availability check for product migration (bsc#1200296)\n * Check if system has all formulas correctly assigned (bsc#1201607)\n * Remove group formula assignments and data on group delete (bsc#1201606)\n * Fix sync for external repositories (bsc#1201753)\n * fix state.apply result parsing in test mode (bsc#1201913)\n * Reduce the length of image channel URL (bsc#1201220)\n * Calculate dependencies between cloned channels of vendor channels (bsc#1201626)\n * fix symlinks pointing to ongres-stringprep\n * Modify parameter type when communicating with the search server (bsc#1187028)\n * Fix initial profile and build host on Image Build page (bsc#1199659)\n * Fix the confirm message on the refresh action by adding a link\n to pending actions on it (bsc#1172705)\n * require new salt-netapi-client version\n * Clean grub2 reinstall entry in autoyast snippet (bsc#1199950)\n\nspacewalk-search:\n\n- Version 4.2.8-1\n * Add methods to handle session id as String\n\nspacewalk-web:\n\n- Version 4.2.29-1\n * CVE-2021-43138: Obtain privileges via the `mapValues()` method. (bsc#1200480)\n * CVE-2021-42740: Command injection in the shell-quote package. 
(bsc#1203287) \n * CVE-2022-31129: Denial-of-Service moment: inefficient parsing algorithm (bsc#1203288)\n * Fix table header layout for unselectable tables\n * Fix initial profile and build host on Image Build page (bsc#1199659)\n\nsubscription-matcher:\n\n- Added Guava maximum version requirement.\n\nsusemanager:\n \n- Version 4.2.37-1\n * mark new dependencies for python-py optional in bootstrap repo to fix generation for older service packs \n (bsc#1203449)\n- Version 4.2.36-1\n * add missing packages on SLES 15\n * remove server-migrator.sh from SUSE Manager installations (bsc#1202728)\n * mgr-create-bootstrap-repo: flush directory also when called for a specific label (bsc#1200573)\n * add missing packages on SLES 12 SP5 bootstrap repo (bsc#1201918)\n * remove python-tornado from bootstrap repo, since no longer required for salt version \u003e= 3000\n * add openSUSE 15.4 product (bsc#1201527)\n * add clients tool product to generate bootstrap repo on openSUSE 15.x (bsc#1201189)\n\nsusemanager-doc-indexes:\n\n- Documented mandatory channels in the Disconnected Setup chapter of the\n Administration Guide (bsc#1202464)\n- Documented how to onboard Ubuntu clients with the Salt bundle as a\n regular user\n- Documented how to onboard Debian clients with the Salt bundle or plain Salt\n as a regular user\n- Fixed the names of updates channels for Leap\n- Fixed errors in OpenSCAP chapter of Administration Guide\n- Added exact command to create the bootstrap repo for Salt bundle and about how to disable salt-thin\n- Removed CentOS 8 from the list of supported client systems\n- Extend the notes about using noexec option for /tmp and /var/tmp (bsc#1201210)\n- Reverted single snippet change for two separate books\n- Added extend Salt Bundle functionality with Python packages using pip\n- Add missing part of the description to enable optional support of the Salt Bundle with Salt SSH\n- Added exact command to create the bootstrap repo for salt bundle and about how to 
disable salt-thin\n- Salt Configuration Modules are no longer Technology Preview in Salt Guide.\n- Fixed Ubuntu 18 Client registration in Client Configuration Guide (bsc#1201224)\n- Added ports 1232 and 1233 in the Ports section of the Installation and\n Upgrade Guide; required for Salt SSH Push (bsc#1200532)\n- In the Custom Channel section of the Administration Guide add a note\n about synchronizing repositories regularly.\n- Removed SUSE Linux Enterprise 11 from the list of supported client systems\n\nsusemanager-docs_en:\n\n- Documented mandatory channels in the Disconnected Setup chapter of the\n Administration Guide (bsc#1202464)\n- Documented how to onboard Ubuntu clients with the Salt bundle as a\n regular user\n- Documented how to onboard Debian clients with the Salt bundle or plain Salt\n as a regular user\n- Fixed the names of updates channels for Leap\n- Fixed errors in OpenSCAP chapter of Administration Guide\n- Added exact command to create the bootstrap repo for Salt bundle and about how to disable salt-thin\n- Removed CentOS 8 from the list of supported client systems\n- Extend the notes about using noexec option for /tmp and /var/tmp (bsc#1201210)\n- Reverted single snippet change for two separate books\n- Added extend Salt Bundle functionality with Python packages using pip\n- Add missing part of the description to enable optional support of the Salt Bundle with Salt SSH\n- Added exact command to create the bootstrap repo for salt bundle and about how to disable salt-thin\n- Salt Configuration Modules are no longer Technology Preview in Salt Guide.\n- Fixed Ubuntu 18 Client registration in Client Configuration Guide (bsc#1201224)\n- Added ports 1232 and 1233 in the Ports section of the Installation and\n Upgrade Guide; required for Salt SSH Push (bsc#1200532)\n- In the Custom Channel section of the Administration Guide add a note\n about synchronizing repositories regularly.\n- Removed SUSE Linux Enterprise 11 from the list of supported client 
systems\n\nsusemanager-schema:\n\n- Version 4.2.24-1\n * Fix migration of image actions (bsc#1202272)\n\nsusemanager-sls:\n\n- Version 4.2.27-1\n * Copy grains file with util.mgr_switch_to_venv_minion state apply\n * Remove the message \u0027rpm: command not found\u0027 on using Salt SSH\n with Debian based systems which has no Salt Bundle\n * Prevent possible tracebacks on calling module.run from mgrcompat\n by setting proper globals with using LazyLoader\n * Fix deploy of SLE Micro CA Certificate (bsc#1200276)\n\nuyuni-common-libs:\n\n- Version 4.2.7-1\n * Do not allow creating path if nonexistent user or group in fileutils.\n\nHow to apply this update:\n\n1. Log in as root user to the SUSE Manager server.\n2. Stop the Spacewalk service:\n`spacewalk-service stop`\n3. Apply the patch using either zypper patch or YaST Online Update.\n4. Start the Spacewalk service:\n`spacewalk-service start`\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-3314,SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-3314,SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-3314",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3314-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:3314-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20223314-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:3314-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012286.html"
},
{
"category": "self",
"summary": "SUSE Bug 1172705",
"url": "https://bugzilla.suse.com/1172705"
},
{
"category": "self",
"summary": "SUSE Bug 1187028",
"url": "https://bugzilla.suse.com/1187028"
},
{
"category": "self",
"summary": "SUSE Bug 1195455",
"url": "https://bugzilla.suse.com/1195455"
},
{
"category": "self",
"summary": "SUSE Bug 1195895",
"url": "https://bugzilla.suse.com/1195895"
},
{
"category": "self",
"summary": "SUSE Bug 1196729",
"url": "https://bugzilla.suse.com/1196729"
},
{
"category": "self",
"summary": "SUSE Bug 1198168",
"url": "https://bugzilla.suse.com/1198168"
},
{
"category": "self",
"summary": "SUSE Bug 1198489",
"url": "https://bugzilla.suse.com/1198489"
},
{
"category": "self",
"summary": "SUSE Bug 1198738",
"url": "https://bugzilla.suse.com/1198738"
},
{
"category": "self",
"summary": "SUSE Bug 1198903",
"url": "https://bugzilla.suse.com/1198903"
},
{
"category": "self",
"summary": "SUSE Bug 1199372",
"url": "https://bugzilla.suse.com/1199372"
},
{
"category": "self",
"summary": "SUSE Bug 1199659",
"url": "https://bugzilla.suse.com/1199659"
},
{
"category": "self",
"summary": "SUSE Bug 1199913",
"url": "https://bugzilla.suse.com/1199913"
},
{
"category": "self",
"summary": "SUSE Bug 1199950",
"url": "https://bugzilla.suse.com/1199950"
},
{
"category": "self",
"summary": "SUSE Bug 1200276",
"url": "https://bugzilla.suse.com/1200276"
},
{
"category": "self",
"summary": "SUSE Bug 1200296",
"url": "https://bugzilla.suse.com/1200296"
},
{
"category": "self",
"summary": "SUSE Bug 1200480",
"url": "https://bugzilla.suse.com/1200480"
},
{
"category": "self",
"summary": "SUSE Bug 1200532",
"url": "https://bugzilla.suse.com/1200532"
},
{
"category": "self",
"summary": "SUSE Bug 1200573",
"url": "https://bugzilla.suse.com/1200573"
},
{
"category": "self",
"summary": "SUSE Bug 1200591",
"url": "https://bugzilla.suse.com/1200591"
},
{
"category": "self",
"summary": "SUSE Bug 1200629",
"url": "https://bugzilla.suse.com/1200629"
},
{
"category": "self",
"summary": "SUSE Bug 1201142",
"url": "https://bugzilla.suse.com/1201142"
},
{
"category": "self",
"summary": "SUSE Bug 1201189",
"url": "https://bugzilla.suse.com/1201189"
},
{
"category": "self",
"summary": "SUSE Bug 1201210",
"url": "https://bugzilla.suse.com/1201210"
},
{
"category": "self",
"summary": "SUSE Bug 1201220",
"url": "https://bugzilla.suse.com/1201220"
},
{
"category": "self",
"summary": "SUSE Bug 1201224",
"url": "https://bugzilla.suse.com/1201224"
},
{
"category": "self",
"summary": "SUSE Bug 1201527",
"url": "https://bugzilla.suse.com/1201527"
},
{
"category": "self",
"summary": "SUSE Bug 1201606",
"url": "https://bugzilla.suse.com/1201606"
},
{
"category": "self",
"summary": "SUSE Bug 1201607",
"url": "https://bugzilla.suse.com/1201607"
},
{
"category": "self",
"summary": "SUSE Bug 1201626",
"url": "https://bugzilla.suse.com/1201626"
},
{
"category": "self",
"summary": "SUSE Bug 1201753",
"url": "https://bugzilla.suse.com/1201753"
},
{
"category": "self",
"summary": "SUSE Bug 1201913",
"url": "https://bugzilla.suse.com/1201913"
},
{
"category": "self",
"summary": "SUSE Bug 1201918",
"url": "https://bugzilla.suse.com/1201918"
},
{
"category": "self",
"summary": "SUSE Bug 1202142",
"url": "https://bugzilla.suse.com/1202142"
},
{
"category": "self",
"summary": "SUSE Bug 1202272",
"url": "https://bugzilla.suse.com/1202272"
},
{
"category": "self",
"summary": "SUSE Bug 1202464",
"url": "https://bugzilla.suse.com/1202464"
},
{
"category": "self",
"summary": "SUSE Bug 1202728",
"url": "https://bugzilla.suse.com/1202728"
},
{
"category": "self",
"summary": "SUSE Bug 1203287",
"url": "https://bugzilla.suse.com/1203287"
},
{
"category": "self",
"summary": "SUSE Bug 1203288",
"url": "https://bugzilla.suse.com/1203288"
},
{
"category": "self",
"summary": "SUSE Bug 1203449",
"url": "https://bugzilla.suse.com/1203449"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-41411 page",
"url": "https://www.suse.com/security/cve/CVE-2021-41411/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-42740 page",
"url": "https://www.suse.com/security/cve/CVE-2021-42740/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-43138 page",
"url": "https://www.suse.com/security/cve/CVE-2021-43138/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-31129 page",
"url": "https://www.suse.com/security/cve/CVE-2022-31129/"
}
],
"title": "Security update for SUSE Manager Server 4.2",
"tracking": {
"current_release_date": "2022-09-19T15:38:45Z",
"generator": {
"date": "2022-09-19T15:38:45Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:3314-1",
"initial_release_date": "2022-09-19T15:38:45Z",
"revision_history": [
{
"date": "2022-09-19T15:38:45Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "inter-server-sync-0.2.3-150300.8.22.2.aarch64",
"product": {
"name": "inter-server-sync-0.2.3-150300.8.22.2.aarch64",
"product_id": "inter-server-sync-0.2.3-150300.8.22.2.aarch64"
}
},
{
"category": "product_version",
"name": "patterns-suma_proxy-4.2-150300.4.12.2.aarch64",
"product": {
"name": "patterns-suma_proxy-4.2-150300.4.12.2.aarch64",
"product_id": "patterns-suma_proxy-4.2-150300.4.12.2.aarch64"
}
},
{
"category": "product_version",
"name": "patterns-suma_retail-4.2-150300.4.12.2.aarch64",
"product": {
"name": "patterns-suma_retail-4.2-150300.4.12.2.aarch64",
"product_id": "patterns-suma_retail-4.2-150300.4.12.2.aarch64"
}
},
{
"category": "product_version",
"name": "patterns-suma_server-4.2-150300.4.12.2.aarch64",
"product": {
"name": "patterns-suma_server-4.2-150300.4.12.2.aarch64",
"product_id": "patterns-suma_server-4.2-150300.4.12.2.aarch64"
}
},
{
"category": "product_version",
"name": "python2-uyuni-common-libs-4.2.7-150300.3.9.2.aarch64",
"product": {
"name": "python2-uyuni-common-libs-4.2.7-150300.3.9.2.aarch64",
"product_id": "python2-uyuni-common-libs-4.2.7-150300.3.9.2.aarch64"
}
},
{
"category": "product_version",
"name": "python3-uyuni-common-libs-4.2.7-150300.3.9.2.aarch64",
"product": {
"name": "python3-uyuni-common-libs-4.2.7-150300.3.9.2.aarch64",
"product_id": "python3-uyuni-common-libs-4.2.7-150300.3.9.2.aarch64"
}
},
{
"category": "product_version",
"name": "susemanager-4.2.37-150300.3.41.1.aarch64",
"product": {
"name": "susemanager-4.2.37-150300.3.41.1.aarch64",
"product_id": "susemanager-4.2.37-150300.3.41.1.aarch64"
}
},
{
"category": "product_version",
"name": "susemanager-tools-4.2.37-150300.3.41.1.aarch64",
"product": {
"name": "susemanager-tools-4.2.37-150300.3.41.1.aarch64",
"product_id": "susemanager-tools-4.2.37-150300.3.41.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "drools-7.17.0-150300.4.6.2.noarch",
"product": {
"name": "drools-7.17.0-150300.4.6.2.noarch",
"product_id": "drools-7.17.0-150300.4.6.2.noarch"
}
},
{
"category": "product_version",
"name": "httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch",
"product": {
"name": "httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch",
"product_id": "httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch"
}
},
{
"category": "product_version",
"name": "image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch",
"product": {
"name": "image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch",
"product_id": "image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch"
}
},
{
"category": "product_version",
"name": "mgr-daemon-4.2.10-150300.2.9.4.noarch",
"product": {
"name": "mgr-daemon-4.2.10-150300.2.9.4.noarch",
"product_id": "mgr-daemon-4.2.10-150300.2.9.4.noarch"
}
},
{
"category": "product_version",
"name": "py27-compat-salt-3000.3-150300.7.7.23.2.noarch",
"product": {
"name": "py27-compat-salt-3000.3-150300.7.7.23.2.noarch",
"product_id": "py27-compat-salt-3000.3-150300.7.7.23.2.noarch"
}
},
{
"category": "product_version",
"name": "python2-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"product": {
"name": "python2-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"product_id": "python2-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch"
}
},
{
"category": "product_version",
"name": "python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"product": {
"name": "python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"product_id": "python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch"
}
},
{
"category": "product_version",
"name": "python3-spacewalk-check-4.2.20-150300.4.24.3.noarch",
"product": {
"name": "python3-spacewalk-check-4.2.20-150300.4.24.3.noarch",
"product_id": "python3-spacewalk-check-4.2.20-150300.4.24.3.noarch"
}
},
{
"category": "product_version",
"name": "python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
"product": {
"name": "python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
"product_id": "python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch"
}
},
{
"category": "product_version",
"name": "python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"product": {
"name": "python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"product_id": "python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch"
}
},
{
"category": "product_version",
"name": "salt-netapi-client-0.20.0-150300.3.9.4.noarch",
"product": {
"name": "salt-netapi-client-0.20.0-150300.3.9.4.noarch",
"product_id": "salt-netapi-client-0.20.0-150300.3.9.4.noarch"
}
},
{
"category": "product_version",
"name": "salt-netapi-client-javadoc-0.20.0-150300.3.9.4.noarch",
"product": {
"name": "salt-netapi-client-javadoc-0.20.0-150300.3.9.4.noarch",
"product_id": "salt-netapi-client-javadoc-0.20.0-150300.3.9.4.noarch"
}
},
{
"category": "product_version",
"name": "saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch",
"product": {
"name": "saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch",
"product_id": "saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch"
}
},
{
"category": "product_version",
"name": "spacecmd-4.2.19-150300.4.27.2.noarch",
"product": {
"name": "spacecmd-4.2.19-150300.4.27.2.noarch",
"product_id": "spacecmd-4.2.19-150300.4.27.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-admin-4.2.12-150300.3.15.3.noarch",
"product": {
"name": "spacewalk-admin-4.2.12-150300.3.15.3.noarch",
"product_id": "spacewalk-admin-4.2.12-150300.3.15.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-4.2.24-150300.4.29.5.noarch",
"product": {
"name": "spacewalk-backend-4.2.24-150300.4.29.5.noarch",
"product_id": "spacewalk-backend-4.2.24-150300.4.29.5.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-app-4.2.24-150300.4.29.5.noarch",
"product": {
"name": "spacewalk-backend-app-4.2.24-150300.4.29.5.noarch",
"product_id": "spacewalk-backend-app-4.2.24-150300.4.29.5.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch",
"product": {
"name": "spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch",
"product_id": "spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-cdn-4.2.24-150300.4.29.5.noarch",
"product": {
"name": "spacewalk-backend-cdn-4.2.24-150300.4.29.5.noarch",
"product_id": "spacewalk-backend-cdn-4.2.24-150300.4.29.5.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch",
"product": {
"name": "spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch",
"product_id": "spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch",
"product": {
"name": "spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch",
"product_id": "spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch",
"product": {
"name": "spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch",
"product_id": "spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch",
"product": {
"name": "spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch",
"product_id": "spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch",
"product": {
"name": "spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch",
"product_id": "spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch",
"product": {
"name": "spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch",
"product_id": "spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-server-4.2.24-150300.4.29.5.noarch",
"product": {
"name": "spacewalk-backend-server-4.2.24-150300.4.29.5.noarch",
"product_id": "spacewalk-backend-server-4.2.24-150300.4.29.5.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch",
"product": {
"name": "spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch",
"product_id": "spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch",
"product": {
"name": "spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch",
"product_id": "spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch",
"product": {
"name": "spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch",
"product_id": "spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch",
"product": {
"name": "spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch",
"product_id": "spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch",
"product": {
"name": "spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch",
"product_id": "spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-base-4.2.29-150300.3.27.3.noarch",
"product": {
"name": "spacewalk-base-4.2.29-150300.3.27.3.noarch",
"product_id": "spacewalk-base-4.2.29-150300.3.27.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
"product": {
"name": "spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
"product_id": "spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
"product": {
"name": "spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
"product_id": "spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"product": {
"name": "spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"product_id": "spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-check-4.2.20-150300.4.24.3.noarch",
"product": {
"name": "spacewalk-check-4.2.20-150300.4.24.3.noarch",
"product_id": "spacewalk-check-4.2.20-150300.4.24.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
"product": {
"name": "spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
"product_id": "spacewalk-client-setup-4.2.20-150300.4.24.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"product": {
"name": "spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"product_id": "spacewalk-client-tools-4.2.20-150300.4.24.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-dobby-4.2.29-150300.3.27.3.noarch",
"product": {
"name": "spacewalk-dobby-4.2.29-150300.3.27.3.noarch",
"product_id": "spacewalk-dobby-4.2.29-150300.3.27.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-html-4.2.29-150300.3.27.3.noarch",
"product": {
"name": "spacewalk-html-4.2.29-150300.3.27.3.noarch",
"product_id": "spacewalk-html-4.2.29-150300.3.27.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-html-debug-4.2.29-150300.3.27.3.noarch",
"product": {
"name": "spacewalk-html-debug-4.2.29-150300.3.27.3.noarch",
"product_id": "spacewalk-html-debug-4.2.29-150300.3.27.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-4.2.41-150300.3.43.5.noarch",
"product": {
"name": "spacewalk-java-4.2.41-150300.3.43.5.noarch",
"product_id": "spacewalk-java-4.2.41-150300.3.43.5.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-apidoc-sources-4.2.41-150300.3.43.5.noarch",
"product": {
"name": "spacewalk-java-apidoc-sources-4.2.41-150300.3.43.5.noarch",
"product_id": "spacewalk-java-apidoc-sources-4.2.41-150300.3.43.5.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-config-4.2.41-150300.3.43.5.noarch",
"product": {
"name": "spacewalk-java-config-4.2.41-150300.3.43.5.noarch",
"product_id": "spacewalk-java-config-4.2.41-150300.3.43.5.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-lib-4.2.41-150300.3.43.5.noarch",
"product": {
"name": "spacewalk-java-lib-4.2.41-150300.3.43.5.noarch",
"product_id": "spacewalk-java-lib-4.2.41-150300.3.43.5.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch",
"product": {
"name": "spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch",
"product_id": "spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch",
"product": {
"name": "spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch",
"product_id": "spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch",
"product": {
"name": "spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch",
"product_id": "spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch",
"product": {
"name": "spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch",
"product_id": "spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch",
"product": {
"name": "spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch",
"product_id": "spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch",
"product": {
"name": "spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch",
"product_id": "spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch",
"product": {
"name": "spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch",
"product_id": "spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-search-4.2.8-150300.3.12.2.noarch",
"product": {
"name": "spacewalk-search-4.2.8-150300.3.12.2.noarch",
"product_id": "spacewalk-search-4.2.8-150300.3.12.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch",
"product": {
"name": "spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch",
"product_id": "spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch"
}
},
{
"category": "product_version",
"name": "subscription-matcher-0.29-150300.6.12.2.noarch",
"product": {
"name": "subscription-matcher-0.29-150300.6.12.2.noarch",
"product_id": "subscription-matcher-0.29-150300.6.12.2.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-doc-indexes-4.2-150300.12.33.4.noarch",
"product": {
"name": "susemanager-doc-indexes-4.2-150300.12.33.4.noarch",
"product_id": "susemanager-doc-indexes-4.2-150300.12.33.4.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-docs_en-4.2-150300.12.33.2.noarch",
"product": {
"name": "susemanager-docs_en-4.2-150300.12.33.2.noarch",
"product_id": "susemanager-docs_en-4.2-150300.12.33.2.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch",
"product": {
"name": "susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch",
"product_id": "susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-schema-4.2.24-150300.3.27.3.noarch",
"product": {
"name": "susemanager-schema-4.2.24-150300.3.27.3.noarch",
"product_id": "susemanager-schema-4.2.24-150300.3.27.3.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-schema-sanity-4.2.24-150300.3.27.3.noarch",
"product": {
"name": "susemanager-schema-sanity-4.2.24-150300.3.27.3.noarch",
"product_id": "susemanager-schema-sanity-4.2.24-150300.3.27.3.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-sls-4.2.27-150300.3.33.4.noarch",
"product": {
"name": "susemanager-sls-4.2.27-150300.3.33.4.noarch",
"product_id": "susemanager-sls-4.2.27-150300.3.33.4.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch",
"product": {
"name": "susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch",
"product_id": "susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch"
}
},
{
"category": "product_version",
"name": "uyuni-config-modules-4.2.27-150300.3.33.4.noarch",
"product": {
"name": "uyuni-config-modules-4.2.27-150300.3.33.4.noarch",
"product_id": "uyuni-config-modules-4.2.27-150300.3.33.4.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "inter-server-sync-0.2.3-150300.8.22.2.ppc64le",
"product": {
"name": "inter-server-sync-0.2.3-150300.8.22.2.ppc64le",
"product_id": "inter-server-sync-0.2.3-150300.8.22.2.ppc64le"
}
},
{
"category": "product_version",
"name": "patterns-suma_proxy-4.2-150300.4.12.2.ppc64le",
"product": {
"name": "patterns-suma_proxy-4.2-150300.4.12.2.ppc64le",
"product_id": "patterns-suma_proxy-4.2-150300.4.12.2.ppc64le"
}
},
{
"category": "product_version",
"name": "patterns-suma_retail-4.2-150300.4.12.2.ppc64le",
"product": {
"name": "patterns-suma_retail-4.2-150300.4.12.2.ppc64le",
"product_id": "patterns-suma_retail-4.2-150300.4.12.2.ppc64le"
}
},
{
"category": "product_version",
"name": "patterns-suma_server-4.2-150300.4.12.2.ppc64le",
"product": {
"name": "patterns-suma_server-4.2-150300.4.12.2.ppc64le",
"product_id": "patterns-suma_server-4.2-150300.4.12.2.ppc64le"
}
},
{
"category": "product_version",
"name": "python2-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le",
"product": {
"name": "python2-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le",
"product_id": "python2-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le"
}
},
{
"category": "product_version",
"name": "python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le",
"product": {
"name": "python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le",
"product_id": "python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le"
}
},
{
"category": "product_version",
"name": "susemanager-4.2.37-150300.3.41.1.ppc64le",
"product": {
"name": "susemanager-4.2.37-150300.3.41.1.ppc64le",
"product_id": "susemanager-4.2.37-150300.3.41.1.ppc64le"
}
},
{
"category": "product_version",
"name": "susemanager-tools-4.2.37-150300.3.41.1.ppc64le",
"product": {
"name": "susemanager-tools-4.2.37-150300.3.41.1.ppc64le",
"product_id": "susemanager-tools-4.2.37-150300.3.41.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "inter-server-sync-0.2.3-150300.8.22.2.s390x",
"product": {
"name": "inter-server-sync-0.2.3-150300.8.22.2.s390x",
"product_id": "inter-server-sync-0.2.3-150300.8.22.2.s390x"
}
},
{
"category": "product_version",
"name": "patterns-suma_proxy-4.2-150300.4.12.2.s390x",
"product": {
"name": "patterns-suma_proxy-4.2-150300.4.12.2.s390x",
"product_id": "patterns-suma_proxy-4.2-150300.4.12.2.s390x"
}
},
{
"category": "product_version",
"name": "patterns-suma_retail-4.2-150300.4.12.2.s390x",
"product": {
"name": "patterns-suma_retail-4.2-150300.4.12.2.s390x",
"product_id": "patterns-suma_retail-4.2-150300.4.12.2.s390x"
}
},
{
"category": "product_version",
"name": "patterns-suma_server-4.2-150300.4.12.2.s390x",
"product": {
"name": "patterns-suma_server-4.2-150300.4.12.2.s390x",
"product_id": "patterns-suma_server-4.2-150300.4.12.2.s390x"
}
},
{
"category": "product_version",
"name": "python2-uyuni-common-libs-4.2.7-150300.3.9.2.s390x",
"product": {
"name": "python2-uyuni-common-libs-4.2.7-150300.3.9.2.s390x",
"product_id": "python2-uyuni-common-libs-4.2.7-150300.3.9.2.s390x"
}
},
{
"category": "product_version",
"name": "python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x",
"product": {
"name": "python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x",
"product_id": "python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x"
}
},
{
"category": "product_version",
"name": "susemanager-4.2.37-150300.3.41.1.s390x",
"product": {
"name": "susemanager-4.2.37-150300.3.41.1.s390x",
"product_id": "susemanager-4.2.37-150300.3.41.1.s390x"
}
},
{
"category": "product_version",
"name": "susemanager-tools-4.2.37-150300.3.41.1.s390x",
"product": {
"name": "susemanager-tools-4.2.37-150300.3.41.1.s390x",
"product_id": "susemanager-tools-4.2.37-150300.3.41.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "inter-server-sync-0.2.3-150300.8.22.2.x86_64",
"product": {
"name": "inter-server-sync-0.2.3-150300.8.22.2.x86_64",
"product_id": "inter-server-sync-0.2.3-150300.8.22.2.x86_64"
}
},
{
"category": "product_version",
"name": "patterns-suma_proxy-4.2-150300.4.12.2.x86_64",
"product": {
"name": "patterns-suma_proxy-4.2-150300.4.12.2.x86_64",
"product_id": "patterns-suma_proxy-4.2-150300.4.12.2.x86_64"
}
},
{
"category": "product_version",
"name": "patterns-suma_retail-4.2-150300.4.12.2.x86_64",
"product": {
"name": "patterns-suma_retail-4.2-150300.4.12.2.x86_64",
"product_id": "patterns-suma_retail-4.2-150300.4.12.2.x86_64"
}
},
{
"category": "product_version",
"name": "patterns-suma_server-4.2-150300.4.12.2.x86_64",
"product": {
"name": "patterns-suma_server-4.2-150300.4.12.2.x86_64",
"product_id": "patterns-suma_server-4.2-150300.4.12.2.x86_64"
}
},
{
"category": "product_version",
"name": "python2-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
"product": {
"name": "python2-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
"product_id": "python2-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64"
}
},
{
"category": "product_version",
"name": "python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
"product": {
"name": "python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
"product_id": "python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64"
}
},
{
"category": "product_version",
"name": "susemanager-4.2.37-150300.3.41.1.x86_64",
"product": {
"name": "susemanager-4.2.37-150300.3.41.1.x86_64",
"product_id": "susemanager-4.2.37-150300.3.41.1.x86_64"
}
},
{
"category": "product_version",
"name": "susemanager-tools-4.2.37-150300.3.41.1.x86_64",
"product": {
"name": "susemanager-tools-4.2.37-150300.3.41.1.x86_64",
"product_id": "susemanager-tools-4.2.37-150300.3.41.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Manager Proxy Module 4.2",
"product": {
"name": "SUSE Manager Proxy Module 4.2",
"product_id": "SUSE Manager Proxy Module 4.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-suse-manager-proxy:4.2"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server Module 4.2",
"product": {
"name": "SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-suse-manager-server:4.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "mgr-daemon-4.2.10-150300.2.9.4.noarch as component of SUSE Manager Proxy Module 4.2",
"product_id": "SUSE Manager Proxy Module 4.2:mgr-daemon-4.2.10-150300.2.9.4.noarch"
},
"product_reference": "mgr-daemon-4.2.10-150300.2.9.4.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "patterns-suma_proxy-4.2-150300.4.12.2.x86_64 as component of SUSE Manager Proxy Module 4.2",
"product_id": "SUSE Manager Proxy Module 4.2:patterns-suma_proxy-4.2-150300.4.12.2.x86_64"
},
"product_reference": "patterns-suma_proxy-4.2-150300.4.12.2.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch as component of SUSE Manager Proxy Module 4.2",
"product_id": "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch"
},
"product_reference": "python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-spacewalk-check-4.2.20-150300.4.24.3.noarch as component of SUSE Manager Proxy Module 4.2",
"product_id": "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.20-150300.4.24.3.noarch"
},
"product_reference": "python3-spacewalk-check-4.2.20-150300.4.24.3.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch as component of SUSE Manager Proxy Module 4.2",
"product_id": "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch"
},
"product_reference": "python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch as component of SUSE Manager Proxy Module 4.2",
"product_id": "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch"
},
"product_reference": "python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64 as component of SUSE Manager Proxy Module 4.2",
"product_id": "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64"
},
"product_reference": "python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacecmd-4.2.19-150300.4.27.2.noarch as component of SUSE Manager Proxy Module 4.2",
"product_id": "SUSE Manager Proxy Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch"
},
"product_reference": "spacecmd-4.2.19-150300.4.27.2.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-4.2.24-150300.4.29.5.noarch as component of SUSE Manager Proxy Module 4.2",
"product_id": "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch"
},
"product_reference": "spacewalk-backend-4.2.24-150300.4.29.5.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch as component of SUSE Manager Proxy Module 4.2",
"product_id": "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch"
},
"product_reference": "spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch as component of SUSE Manager Proxy Module 4.2",
"product_id": "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch"
},
"product_reference": "spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch as component of SUSE Manager Proxy Module 4.2",
"product_id": "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch"
},
"product_reference": "spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-check-4.2.20-150300.4.24.3.noarch as component of SUSE Manager Proxy Module 4.2",
"product_id": "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.20-150300.4.24.3.noarch"
},
"product_reference": "spacewalk-check-4.2.20-150300.4.24.3.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-client-setup-4.2.20-150300.4.24.3.noarch as component of SUSE Manager Proxy Module 4.2",
"product_id": "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.20-150300.4.24.3.noarch"
},
"product_reference": "spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-client-tools-4.2.20-150300.4.24.3.noarch as component of SUSE Manager Proxy Module 4.2",
"product_id": "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch"
},
"product_reference": "spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch as component of SUSE Manager Proxy Module 4.2",
"product_id": "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch"
},
"product_reference": "spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch as component of SUSE Manager Proxy Module 4.2",
"product_id": "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch"
},
"product_reference": "spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch as component of SUSE Manager Proxy Module 4.2",
"product_id": "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch"
},
"product_reference": "spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch as component of SUSE Manager Proxy Module 4.2",
"product_id": "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch"
},
"product_reference": "spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch as component of SUSE Manager Proxy Module 4.2",
"product_id": "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch"
},
"product_reference": "spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch as component of SUSE Manager Proxy Module 4.2",
"product_id": "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch"
},
"product_reference": "spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch as component of SUSE Manager Proxy Module 4.2",
"product_id": "SUSE Manager Proxy Module 4.2:susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch"
},
"product_reference": "susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "drools-7.17.0-150300.4.6.2.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.6.2.noarch"
},
"product_reference": "drools-7.17.0-150300.4.6.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch"
},
"product_reference": "httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch"
},
"product_reference": "image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "inter-server-sync-0.2.3-150300.8.22.2.ppc64le as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.ppc64le"
},
"product_reference": "inter-server-sync-0.2.3-150300.8.22.2.ppc64le",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "inter-server-sync-0.2.3-150300.8.22.2.s390x as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.s390x"
},
"product_reference": "inter-server-sync-0.2.3-150300.8.22.2.s390x",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "inter-server-sync-0.2.3-150300.8.22.2.x86_64 as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.x86_64"
},
"product_reference": "inter-server-sync-0.2.3-150300.8.22.2.x86_64",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "patterns-suma_retail-4.2-150300.4.12.2.ppc64le as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.ppc64le"
},
"product_reference": "patterns-suma_retail-4.2-150300.4.12.2.ppc64le",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "patterns-suma_retail-4.2-150300.4.12.2.s390x as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.s390x"
},
"product_reference": "patterns-suma_retail-4.2-150300.4.12.2.s390x",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "patterns-suma_retail-4.2-150300.4.12.2.x86_64 as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.x86_64"
},
"product_reference": "patterns-suma_retail-4.2-150300.4.12.2.x86_64",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "patterns-suma_server-4.2-150300.4.12.2.ppc64le as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.ppc64le"
},
"product_reference": "patterns-suma_server-4.2-150300.4.12.2.ppc64le",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "patterns-suma_server-4.2-150300.4.12.2.s390x as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.s390x"
},
"product_reference": "patterns-suma_server-4.2-150300.4.12.2.s390x",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "patterns-suma_server-4.2-150300.4.12.2.x86_64 as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.x86_64"
},
"product_reference": "patterns-suma_server-4.2-150300.4.12.2.x86_64",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "py27-compat-salt-3000.3-150300.7.7.23.2.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.23.2.noarch"
},
"product_reference": "py27-compat-salt-3000.3-150300.7.7.23.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch"
},
"product_reference": "python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch"
},
"product_reference": "python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le"
},
"product_reference": "python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x"
},
"product_reference": "python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64 as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64"
},
"product_reference": "python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "salt-netapi-client-0.20.0-150300.3.9.4.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:salt-netapi-client-0.20.0-150300.3.9.4.noarch"
},
"product_reference": "salt-netapi-client-0.20.0-150300.3.9.4.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch"
},
"product_reference": "saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacecmd-4.2.19-150300.4.27.2.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch"
},
"product_reference": "spacecmd-4.2.19-150300.4.27.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-admin-4.2.12-150300.3.15.3.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.12-150300.3.15.3.noarch"
},
"product_reference": "spacewalk-admin-4.2.12-150300.3.15.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-4.2.24-150300.4.29.5.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch"
},
"product_reference": "spacewalk-backend-4.2.24-150300.4.29.5.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-app-4.2.24-150300.4.29.5.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.24-150300.4.29.5.noarch"
},
"product_reference": "spacewalk-backend-app-4.2.24-150300.4.29.5.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch"
},
"product_reference": "spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch"
},
"product_reference": "spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch"
},
"product_reference": "spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch"
},
"product_reference": "spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch"
},
"product_reference": "spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch"
},
"product_reference": "spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch"
},
"product_reference": "spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-server-4.2.24-150300.4.29.5.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.24-150300.4.29.5.noarch"
},
"product_reference": "spacewalk-backend-server-4.2.24-150300.4.29.5.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch"
},
"product_reference": "spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch"
},
"product_reference": "spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch"
},
"product_reference": "spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch"
},
"product_reference": "spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch"
},
"product_reference": "spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-4.2.29-150300.3.27.3.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-base-4.2.29-150300.3.27.3.noarch"
},
"product_reference": "spacewalk-base-4.2.29-150300.3.27.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch"
},
"product_reference": "spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch"
},
"product_reference": "spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch"
},
"product_reference": "spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-client-tools-4.2.20-150300.4.24.3.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch"
},
"product_reference": "spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-html-4.2.29-150300.3.27.3.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-html-4.2.29-150300.3.27.3.noarch"
},
"product_reference": "spacewalk-html-4.2.29-150300.3.27.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-4.2.41-150300.3.43.5.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-java-4.2.41-150300.3.43.5.noarch"
},
"product_reference": "spacewalk-java-4.2.41-150300.3.43.5.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-config-4.2.41-150300.3.43.5.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.41-150300.3.43.5.noarch"
},
"product_reference": "spacewalk-java-config-4.2.41-150300.3.43.5.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-lib-4.2.41-150300.3.43.5.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.41-150300.3.43.5.noarch"
},
"product_reference": "spacewalk-java-lib-4.2.41-150300.3.43.5.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch"
},
"product_reference": "spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-search-4.2.8-150300.3.12.2.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-search-4.2.8-150300.3.12.2.noarch"
},
"product_reference": "spacewalk-search-4.2.8-150300.3.12.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch"
},
"product_reference": "spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "subscription-matcher-0.29-150300.6.12.2.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:subscription-matcher-0.29-150300.6.12.2.noarch"
},
"product_reference": "subscription-matcher-0.29-150300.6.12.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-4.2.37-150300.3.41.1.ppc64le as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.ppc64le"
},
"product_reference": "susemanager-4.2.37-150300.3.41.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-4.2.37-150300.3.41.1.s390x as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.s390x"
},
"product_reference": "susemanager-4.2.37-150300.3.41.1.s390x",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-4.2.37-150300.3.41.1.x86_64 as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.x86_64"
},
"product_reference": "susemanager-4.2.37-150300.3.41.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-doc-indexes-4.2-150300.12.33.4.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.33.4.noarch"
},
"product_reference": "susemanager-doc-indexes-4.2-150300.12.33.4.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-docs_en-4.2-150300.12.33.2.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.33.2.noarch"
},
"product_reference": "susemanager-docs_en-4.2-150300.12.33.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch"
},
"product_reference": "susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-schema-4.2.24-150300.3.27.3.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:susemanager-schema-4.2.24-150300.3.27.3.noarch"
},
"product_reference": "susemanager-schema-4.2.24-150300.3.27.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-sls-4.2.27-150300.3.33.4.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:susemanager-sls-4.2.27-150300.3.33.4.noarch"
},
"product_reference": "susemanager-sls-4.2.27-150300.3.33.4.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-tools-4.2.37-150300.3.41.1.ppc64le as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.ppc64le"
},
"product_reference": "susemanager-tools-4.2.37-150300.3.41.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-tools-4.2.37-150300.3.41.1.s390x as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.s390x"
},
"product_reference": "susemanager-tools-4.2.37-150300.3.41.1.s390x",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-tools-4.2.37-150300.3.41.1.x86_64 as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.x86_64"
},
"product_reference": "susemanager-tools-4.2.37-150300.3.41.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "uyuni-config-modules-4.2.27-150300.3.33.4.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.27-150300.3.33.4.noarch"
},
"product_reference": "uyuni-config-modules-4.2.27-150300.3.33.4.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-41411",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-41411"
}
],
"notes": [
{
"category": "general",
"text": "drools \u003c=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Proxy Module 4.2:mgr-daemon-4.2.10-150300.2.9.4.noarch",
"SUSE Manager Proxy Module 4.2:patterns-suma_proxy-4.2-150300.4.12.2.x86_64",
"SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
"SUSE Manager Proxy Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch",
"SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.6.2.noarch",
"SUSE Manager Server Module 4.2:httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch",
"SUSE Manager Server Module 4.2:image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch",
"SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.ppc64le",
"SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.s390x",
"SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.x86_64",
"SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.ppc64le",
"SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.s390x",
"SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.x86_64",
"SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.ppc64le",
"SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.s390x",
"SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.x86_64",
"SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.23.2.noarch",
"SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le",
"SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x",
"SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
"SUSE Manager Server Module 4.2:salt-netapi-client-0.20.0-150300.3.9.4.noarch",
"SUSE Manager Server Module 4.2:saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch",
"SUSE Manager Server Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch",
"SUSE Manager Server Module 4.2:spacewalk-admin-4.2.12-150300.3.15.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-html-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-search-4.2.8-150300.3.12.2.noarch",
"SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:subscription-matcher-0.29-150300.6.12.2.noarch",
"SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.ppc64le",
"SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.s390x",
"SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.x86_64",
"SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.33.4.noarch",
"SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.33.2.noarch",
"SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch",
"SUSE Manager Server Module 4.2:susemanager-schema-4.2.24-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:susemanager-sls-4.2.27-150300.3.33.4.noarch",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.ppc64le",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.s390x",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.x86_64",
"SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.27-150300.3.33.4.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-41411",
"url": "https://www.suse.com/security/cve/CVE-2021-41411"
},
{
"category": "external",
"summary": "SUSE Bug 1200629 for CVE-2021-41411",
"url": "https://bugzilla.suse.com/1200629"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Proxy Module 4.2:mgr-daemon-4.2.10-150300.2.9.4.noarch",
"SUSE Manager Proxy Module 4.2:patterns-suma_proxy-4.2-150300.4.12.2.x86_64",
"SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
"SUSE Manager Proxy Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch",
"SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.6.2.noarch",
"SUSE Manager Server Module 4.2:httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch",
"SUSE Manager Server Module 4.2:image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch",
"SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.ppc64le",
"SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.s390x",
"SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.x86_64",
"SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.ppc64le",
"SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.s390x",
"SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.x86_64",
"SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.ppc64le",
"SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.s390x",
"SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.x86_64",
"SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.23.2.noarch",
"SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le",
"SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x",
"SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
"SUSE Manager Server Module 4.2:salt-netapi-client-0.20.0-150300.3.9.4.noarch",
"SUSE Manager Server Module 4.2:saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch",
"SUSE Manager Server Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch",
"SUSE Manager Server Module 4.2:spacewalk-admin-4.2.12-150300.3.15.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-html-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-search-4.2.8-150300.3.12.2.noarch",
"SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:subscription-matcher-0.29-150300.6.12.2.noarch",
"SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.ppc64le",
"SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.s390x",
"SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.x86_64",
"SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.33.4.noarch",
"SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.33.2.noarch",
"SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch",
"SUSE Manager Server Module 4.2:susemanager-schema-4.2.24-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:susemanager-sls-4.2.27-150300.3.33.4.noarch",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.ppc64le",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.s390x",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.x86_64",
"SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.27-150300.3.33.4.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Manager Proxy Module 4.2:mgr-daemon-4.2.10-150300.2.9.4.noarch",
"SUSE Manager Proxy Module 4.2:patterns-suma_proxy-4.2-150300.4.12.2.x86_64",
"SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
"SUSE Manager Proxy Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch",
"SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.6.2.noarch",
"SUSE Manager Server Module 4.2:httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch",
"SUSE Manager Server Module 4.2:image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch",
"SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.ppc64le",
"SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.s390x",
"SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.x86_64",
"SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.ppc64le",
"SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.s390x",
"SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.x86_64",
"SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.ppc64le",
"SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.s390x",
"SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.x86_64",
"SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.23.2.noarch",
"SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le",
"SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x",
"SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
"SUSE Manager Server Module 4.2:salt-netapi-client-0.20.0-150300.3.9.4.noarch",
"SUSE Manager Server Module 4.2:saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch",
"SUSE Manager Server Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch",
"SUSE Manager Server Module 4.2:spacewalk-admin-4.2.12-150300.3.15.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-html-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-search-4.2.8-150300.3.12.2.noarch",
"SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:subscription-matcher-0.29-150300.6.12.2.noarch",
"SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.ppc64le",
"SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.s390x",
"SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.x86_64",
"SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.33.4.noarch",
"SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.33.2.noarch",
"SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch",
"SUSE Manager Server Module 4.2:susemanager-schema-4.2.24-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:susemanager-sls-4.2.27-150300.3.33.4.noarch",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.ppc64le",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.s390x",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.x86_64",
"SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.27-150300.3.33.4.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-19T15:38:45Z",
"details": "important"
}
],
"title": "CVE-2021-41411"
},
{
"cve": "CVE-2021-42740",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-42740"
}
],
"notes": [
{
"category": "general",
"text": "The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec(), an attacker can inject arbitrary commands. This is because the Windows drive letter regex character class is [A-z] instead of the correct [A-Za-z]. Several shell metacharacters exist in the space between capital letter Z and lower case letter a, such as the backtick character.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Proxy Module 4.2:mgr-daemon-4.2.10-150300.2.9.4.noarch",
"SUSE Manager Proxy Module 4.2:patterns-suma_proxy-4.2-150300.4.12.2.x86_64",
"SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
"SUSE Manager Proxy Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch",
"SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.6.2.noarch",
"SUSE Manager Server Module 4.2:httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch",
"SUSE Manager Server Module 4.2:image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch",
"SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.ppc64le",
"SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.s390x",
"SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.x86_64",
"SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.ppc64le",
"SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.s390x",
"SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.x86_64",
"SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.ppc64le",
"SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.s390x",
"SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.x86_64",
"SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.23.2.noarch",
"SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le",
"SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x",
"SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
"SUSE Manager Server Module 4.2:salt-netapi-client-0.20.0-150300.3.9.4.noarch",
"SUSE Manager Server Module 4.2:saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch",
"SUSE Manager Server Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch",
"SUSE Manager Server Module 4.2:spacewalk-admin-4.2.12-150300.3.15.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-html-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-search-4.2.8-150300.3.12.2.noarch",
"SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:subscription-matcher-0.29-150300.6.12.2.noarch",
"SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.ppc64le",
"SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.s390x",
"SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.x86_64",
"SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.33.4.noarch",
"SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.33.2.noarch",
"SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch",
"SUSE Manager Server Module 4.2:susemanager-schema-4.2.24-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:susemanager-sls-4.2.27-150300.3.33.4.noarch",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.ppc64le",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.s390x",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.x86_64",
"SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.27-150300.3.33.4.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-42740",
"url": "https://www.suse.com/security/cve/CVE-2021-42740"
},
{
"category": "external",
"summary": "SUSE Bug 1203287 for CVE-2021-42740",
"url": "https://bugzilla.suse.com/1203287"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Proxy Module 4.2:mgr-daemon-4.2.10-150300.2.9.4.noarch",
"SUSE Manager Proxy Module 4.2:patterns-suma_proxy-4.2-150300.4.12.2.x86_64",
"SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
"SUSE Manager Proxy Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch",
"SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.6.2.noarch",
"SUSE Manager Server Module 4.2:httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch",
"SUSE Manager Server Module 4.2:image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch",
"SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.ppc64le",
"SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.s390x",
"SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.x86_64",
"SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.ppc64le",
"SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.s390x",
"SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.x86_64",
"SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.ppc64le",
"SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.s390x",
"SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.x86_64",
"SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.23.2.noarch",
"SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le",
"SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x",
"SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
"SUSE Manager Server Module 4.2:salt-netapi-client-0.20.0-150300.3.9.4.noarch",
"SUSE Manager Server Module 4.2:saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch",
"SUSE Manager Server Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch",
"SUSE Manager Server Module 4.2:spacewalk-admin-4.2.12-150300.3.15.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-html-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-search-4.2.8-150300.3.12.2.noarch",
"SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:subscription-matcher-0.29-150300.6.12.2.noarch",
"SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.ppc64le",
"SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.s390x",
"SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.x86_64",
"SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.33.4.noarch",
"SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.33.2.noarch",
"SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch",
"SUSE Manager Server Module 4.2:susemanager-schema-4.2.24-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:susemanager-sls-4.2.27-150300.3.33.4.noarch",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.ppc64le",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.s390x",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.x86_64",
"SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.27-150300.3.33.4.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Manager Proxy Module 4.2:mgr-daemon-4.2.10-150300.2.9.4.noarch",
"SUSE Manager Proxy Module 4.2:patterns-suma_proxy-4.2-150300.4.12.2.x86_64",
"SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
"SUSE Manager Proxy Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch",
"SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.6.2.noarch",
"SUSE Manager Server Module 4.2:httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch",
"SUSE Manager Server Module 4.2:image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch",
"SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.ppc64le",
"SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.s390x",
"SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.x86_64",
"SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.ppc64le",
"SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.s390x",
"SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.x86_64",
"SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.ppc64le",
"SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.s390x",
"SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.x86_64",
"SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.23.2.noarch",
"SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le",
"SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x",
"SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
"SUSE Manager Server Module 4.2:salt-netapi-client-0.20.0-150300.3.9.4.noarch",
"SUSE Manager Server Module 4.2:saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch",
"SUSE Manager Server Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch",
"SUSE Manager Server Module 4.2:spacewalk-admin-4.2.12-150300.3.15.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-html-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-search-4.2.8-150300.3.12.2.noarch",
"SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:subscription-matcher-0.29-150300.6.12.2.noarch",
"SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.ppc64le",
"SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.s390x",
"SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.x86_64",
"SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.33.4.noarch",
"SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.33.2.noarch",
"SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch",
"SUSE Manager Server Module 4.2:susemanager-schema-4.2.24-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:susemanager-sls-4.2.27-150300.3.33.4.noarch",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.ppc64le",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.s390x",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.x86_64",
"SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.27-150300.3.33.4.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-19T15:38:45Z",
"details": "critical"
}
],
"title": "CVE-2021-42740"
},
{
"cve": "CVE-2021-43138",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-43138"
}
],
"notes": [
{
"category": "general",
"text": "In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Proxy Module 4.2:mgr-daemon-4.2.10-150300.2.9.4.noarch",
"SUSE Manager Proxy Module 4.2:patterns-suma_proxy-4.2-150300.4.12.2.x86_64",
"SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
"SUSE Manager Proxy Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch",
"SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.6.2.noarch",
"SUSE Manager Server Module 4.2:httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch",
"SUSE Manager Server Module 4.2:image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch",
"SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.ppc64le",
"SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.s390x",
"SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.x86_64",
"SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.ppc64le",
"SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.s390x",
"SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.x86_64",
"SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.ppc64le",
"SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.s390x",
"SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.x86_64",
"SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.23.2.noarch",
"SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le",
"SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x",
"SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
"SUSE Manager Server Module 4.2:salt-netapi-client-0.20.0-150300.3.9.4.noarch",
"SUSE Manager Server Module 4.2:saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch",
"SUSE Manager Server Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch",
"SUSE Manager Server Module 4.2:spacewalk-admin-4.2.12-150300.3.15.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-html-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-search-4.2.8-150300.3.12.2.noarch",
"SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:subscription-matcher-0.29-150300.6.12.2.noarch",
"SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.ppc64le",
"SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.s390x",
"SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.x86_64",
"SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.33.4.noarch",
"SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.33.2.noarch",
"SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch",
"SUSE Manager Server Module 4.2:susemanager-schema-4.2.24-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:susemanager-sls-4.2.27-150300.3.33.4.noarch",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.ppc64le",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.s390x",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.x86_64",
"SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.27-150300.3.33.4.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-43138",
"url": "https://www.suse.com/security/cve/CVE-2021-43138"
},
{
"category": "external",
"summary": "SUSE Bug 1200480 for CVE-2021-43138",
"url": "https://bugzilla.suse.com/1200480"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Proxy Module 4.2:mgr-daemon-4.2.10-150300.2.9.4.noarch",
"SUSE Manager Proxy Module 4.2:patterns-suma_proxy-4.2-150300.4.12.2.x86_64",
"SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
"SUSE Manager Proxy Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch",
"SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.6.2.noarch",
"SUSE Manager Server Module 4.2:httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch",
"SUSE Manager Server Module 4.2:image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch",
"SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.ppc64le",
"SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.s390x",
"SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.x86_64",
"SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.ppc64le",
"SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.s390x",
"SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.x86_64",
"SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.ppc64le",
"SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.s390x",
"SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.x86_64",
"SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.23.2.noarch",
"SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le",
"SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x",
"SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
"SUSE Manager Server Module 4.2:salt-netapi-client-0.20.0-150300.3.9.4.noarch",
"SUSE Manager Server Module 4.2:saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch",
"SUSE Manager Server Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch",
"SUSE Manager Server Module 4.2:spacewalk-admin-4.2.12-150300.3.15.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-html-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-search-4.2.8-150300.3.12.2.noarch",
"SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:subscription-matcher-0.29-150300.6.12.2.noarch",
"SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.ppc64le",
"SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.s390x",
"SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.x86_64",
"SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.33.4.noarch",
"SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.33.2.noarch",
"SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch",
"SUSE Manager Server Module 4.2:susemanager-schema-4.2.24-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:susemanager-sls-4.2.27-150300.3.33.4.noarch",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.ppc64le",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.s390x",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.x86_64",
"SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.27-150300.3.33.4.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Manager Proxy Module 4.2:mgr-daemon-4.2.10-150300.2.9.4.noarch",
"SUSE Manager Proxy Module 4.2:patterns-suma_proxy-4.2-150300.4.12.2.x86_64",
"SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
"SUSE Manager Proxy Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch",
"SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.6.2.noarch",
"SUSE Manager Server Module 4.2:httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch",
"SUSE Manager Server Module 4.2:image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch",
"SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.ppc64le",
"SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.s390x",
"SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.x86_64",
"SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.ppc64le",
"SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.s390x",
"SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.x86_64",
"SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.ppc64le",
"SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.s390x",
"SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.x86_64",
"SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.23.2.noarch",
"SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le",
"SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x",
"SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
"SUSE Manager Server Module 4.2:salt-netapi-client-0.20.0-150300.3.9.4.noarch",
"SUSE Manager Server Module 4.2:saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch",
"SUSE Manager Server Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch",
"SUSE Manager Server Module 4.2:spacewalk-admin-4.2.12-150300.3.15.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-html-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-search-4.2.8-150300.3.12.2.noarch",
"SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:subscription-matcher-0.29-150300.6.12.2.noarch",
"SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.ppc64le",
"SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.s390x",
"SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.x86_64",
"SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.33.4.noarch",
"SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.33.2.noarch",
"SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch",
"SUSE Manager Server Module 4.2:susemanager-schema-4.2.24-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:susemanager-sls-4.2.27-150300.3.33.4.noarch",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.ppc64le",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.s390x",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.x86_64",
"SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.27-150300.3.33.4.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-19T15:38:45Z",
"details": "important"
}
],
"title": "CVE-2021-43138"
},
{
"cve": "CVE-2022-31129",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-31129"
}
],
"notes": [
{
"category": "general",
"text": "moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may notice a slowdown with inputs above 10k characters. Users who pass user-provided strings without sanity length checks to moment constructor are vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4, the patch can be applied to all affected versions with minimal tweaking. Users are advised to upgrade. Users unable to upgrade should consider limiting date lengths accepted from user input.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Proxy Module 4.2:mgr-daemon-4.2.10-150300.2.9.4.noarch",
"SUSE Manager Proxy Module 4.2:patterns-suma_proxy-4.2-150300.4.12.2.x86_64",
"SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
"SUSE Manager Proxy Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch",
"SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.6.2.noarch",
"SUSE Manager Server Module 4.2:httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch",
"SUSE Manager Server Module 4.2:image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch",
"SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.ppc64le",
"SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.s390x",
"SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.x86_64",
"SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.ppc64le",
"SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.s390x",
"SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.x86_64",
"SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.ppc64le",
"SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.s390x",
"SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.x86_64",
"SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.23.2.noarch",
"SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le",
"SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x",
"SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
"SUSE Manager Server Module 4.2:salt-netapi-client-0.20.0-150300.3.9.4.noarch",
"SUSE Manager Server Module 4.2:saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch",
"SUSE Manager Server Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch",
"SUSE Manager Server Module 4.2:spacewalk-admin-4.2.12-150300.3.15.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-html-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-search-4.2.8-150300.3.12.2.noarch",
"SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:subscription-matcher-0.29-150300.6.12.2.noarch",
"SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.ppc64le",
"SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.s390x",
"SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.x86_64",
"SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.33.4.noarch",
"SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.33.2.noarch",
"SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch",
"SUSE Manager Server Module 4.2:susemanager-schema-4.2.24-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:susemanager-sls-4.2.27-150300.3.33.4.noarch",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.ppc64le",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.s390x",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.x86_64",
"SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.27-150300.3.33.4.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-31129",
"url": "https://www.suse.com/security/cve/CVE-2022-31129"
},
{
"category": "external",
"summary": "SUSE Bug 1203288 for CVE-2022-31129",
"url": "https://bugzilla.suse.com/1203288"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Proxy Module 4.2:mgr-daemon-4.2.10-150300.2.9.4.noarch",
"SUSE Manager Proxy Module 4.2:patterns-suma_proxy-4.2-150300.4.12.2.x86_64",
"SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
"SUSE Manager Proxy Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch",
"SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.6.2.noarch",
"SUSE Manager Server Module 4.2:httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch",
"SUSE Manager Server Module 4.2:image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch",
"SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.ppc64le",
"SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.s390x",
"SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.x86_64",
"SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.ppc64le",
"SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.s390x",
"SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.x86_64",
"SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.ppc64le",
"SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.s390x",
"SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.x86_64",
"SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.23.2.noarch",
"SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le",
"SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x",
"SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
"SUSE Manager Server Module 4.2:salt-netapi-client-0.20.0-150300.3.9.4.noarch",
"SUSE Manager Server Module 4.2:saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch",
"SUSE Manager Server Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch",
"SUSE Manager Server Module 4.2:spacewalk-admin-4.2.12-150300.3.15.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-html-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-search-4.2.8-150300.3.12.2.noarch",
"SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:subscription-matcher-0.29-150300.6.12.2.noarch",
"SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.ppc64le",
"SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.s390x",
"SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.x86_64",
"SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.33.4.noarch",
"SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.33.2.noarch",
"SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch",
"SUSE Manager Server Module 4.2:susemanager-schema-4.2.24-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:susemanager-sls-4.2.27-150300.3.33.4.noarch",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.ppc64le",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.s390x",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.x86_64",
"SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.27-150300.3.33.4.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Manager Proxy Module 4.2:mgr-daemon-4.2.10-150300.2.9.4.noarch",
"SUSE Manager Proxy Module 4.2:patterns-suma_proxy-4.2-150300.4.12.2.x86_64",
"SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
"SUSE Manager Proxy Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch",
"SUSE Manager Proxy Module 4.2:susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch",
"SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.6.2.noarch",
"SUSE Manager Server Module 4.2:httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch",
"SUSE Manager Server Module 4.2:image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch",
"SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.ppc64le",
"SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.s390x",
"SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.x86_64",
"SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.ppc64le",
"SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.s390x",
"SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.x86_64",
"SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.ppc64le",
"SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.s390x",
"SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.x86_64",
"SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.23.2.noarch",
"SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le",
"SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x",
"SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
"SUSE Manager Server Module 4.2:salt-netapi-client-0.20.0-150300.3.9.4.noarch",
"SUSE Manager Server Module 4.2:saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch",
"SUSE Manager Server Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch",
"SUSE Manager Server Module 4.2:spacewalk-admin-4.2.12-150300.3.15.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-html-4.2.29-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-search-4.2.8-150300.3.12.2.noarch",
"SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch",
"SUSE Manager Server Module 4.2:subscription-matcher-0.29-150300.6.12.2.noarch",
"SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.ppc64le",
"SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.s390x",
"SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.x86_64",
"SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.33.4.noarch",
"SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.33.2.noarch",
"SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch",
"SUSE Manager Server Module 4.2:susemanager-schema-4.2.24-150300.3.27.3.noarch",
"SUSE Manager Server Module 4.2:susemanager-sls-4.2.27-150300.3.33.4.noarch",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.ppc64le",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.s390x",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.x86_64",
"SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.27-150300.3.33.4.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-19T15:38:45Z",
"details": "important"
}
],
"title": "CVE-2022-31129"
}
]
}
SUSE-SU-2022:3761-1
Vulnerability from csaf_suse - Published: 2022-10-26 08:58 - Updated: 2022-10-26 08:58

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for release-notes-susemanager, release-notes-susemanager-proxy",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for release-notes-susemanager, release-notes-susemanager-proxy fixes the following issues:\n\nRelease notes for SUSE Manager:\n\n- Update to SUSE Manager 4.3.2\n * Containerized proxy and RBS are now fully supported\n * HTTP API is now fully supported\n * Ubuntu 22.04 is now supported as a client\n * Cobbler has been upgraded to version 3.3.3 which also includes building ISOs with UEFI support\n * pip support has been added for the Salt Bundle \n * Prometheus exporter for Apache has been upgraded to 0.10.0\n * CVEs fixed: CVE-2021-41411, CVE-2021-42740, CVE-2021-43138, CVE-2022-0860, CVE-2022-31129\n * Bugs mentioned:\n bsc#1191857, bsc#1195624, bsc#1196729, bsc#1197027, bsc#1198168\n bsc#1198903, bsc#1199726, bsc#1200480, bsc#1200573, bsc#1200629\n bsc#1201210, bsc#1201220, bsc#1201260, bsc#1201626, bsc#1201753\n bsc#1201788, bsc#1201913, bsc#1201918, bsc#1202271, bsc#1202272\n bsc#1202367, bsc#1202455, bsc#1202464, bsc#1202602, bsc#1202728\n bsc#1202729, bsc#1202805, bsc#1202899, bsc#1203026, bsc#1203049\n bsc#1203056, bsc#1203169, bsc#1203287, bsc#1203288, bsc#1203385\n bsc#1203406, bsc#1203422, bsc#1203449, bsc#1203478, bsc#1203484\n bsc#1203564, bsc#1203585, bsc#1203611 \n\nRelease notes for SUSE Manager Proxy:\n\n- Update to SUSE Manager 4.3.2\n * Containerized proxy and RBS are now fully supported\n * CVEs fixed: CVE-2021-42740, CVE-2021-43138, CVE-2022-31129\n * Bugs mentioned:\n bsc#1198168, bsc#1198903, bsc#1200480, bsc#1201589, bsc#1201788\n bsc#1203287, bsc#1203288, bsc#1203585 \n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-3761,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2022-3761,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2022-3761,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2022-3761",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3761-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:3761-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20223761-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:3761-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012707.html"
},
{
"category": "self",
"summary": "SUSE Bug 1191857",
"url": "https://bugzilla.suse.com/1191857"
},
{
"category": "self",
"summary": "SUSE Bug 1195624",
"url": "https://bugzilla.suse.com/1195624"
},
{
"category": "self",
"summary": "SUSE Bug 1196729",
"url": "https://bugzilla.suse.com/1196729"
},
{
"category": "self",
"summary": "SUSE Bug 1197027",
"url": "https://bugzilla.suse.com/1197027"
},
{
"category": "self",
"summary": "SUSE Bug 1198168",
"url": "https://bugzilla.suse.com/1198168"
},
{
"category": "self",
"summary": "SUSE Bug 1198903",
"url": "https://bugzilla.suse.com/1198903"
},
{
"category": "self",
"summary": "SUSE Bug 1199726",
"url": "https://bugzilla.suse.com/1199726"
},
{
"category": "self",
"summary": "SUSE Bug 1200480",
"url": "https://bugzilla.suse.com/1200480"
},
{
"category": "self",
"summary": "SUSE Bug 1200573",
"url": "https://bugzilla.suse.com/1200573"
},
{
"category": "self",
"summary": "SUSE Bug 1200629",
"url": "https://bugzilla.suse.com/1200629"
},
{
"category": "self",
"summary": "SUSE Bug 1201210",
"url": "https://bugzilla.suse.com/1201210"
},
{
"category": "self",
"summary": "SUSE Bug 1201220",
"url": "https://bugzilla.suse.com/1201220"
},
{
"category": "self",
"summary": "SUSE Bug 1201260",
"url": "https://bugzilla.suse.com/1201260"
},
{
"category": "self",
"summary": "SUSE Bug 1201589",
"url": "https://bugzilla.suse.com/1201589"
},
{
"category": "self",
"summary": "SUSE Bug 1201626",
"url": "https://bugzilla.suse.com/1201626"
},
{
"category": "self",
"summary": "SUSE Bug 1201753",
"url": "https://bugzilla.suse.com/1201753"
},
{
"category": "self",
"summary": "SUSE Bug 1201788",
"url": "https://bugzilla.suse.com/1201788"
},
{
"category": "self",
"summary": "SUSE Bug 1201913",
"url": "https://bugzilla.suse.com/1201913"
},
{
"category": "self",
"summary": "SUSE Bug 1201918",
"url": "https://bugzilla.suse.com/1201918"
},
{
"category": "self",
"summary": "SUSE Bug 1202271",
"url": "https://bugzilla.suse.com/1202271"
},
{
"category": "self",
"summary": "SUSE Bug 1202272",
"url": "https://bugzilla.suse.com/1202272"
},
{
"category": "self",
"summary": "SUSE Bug 1202367",
"url": "https://bugzilla.suse.com/1202367"
},
{
"category": "self",
"summary": "SUSE Bug 1202455",
"url": "https://bugzilla.suse.com/1202455"
},
{
"category": "self",
"summary": "SUSE Bug 1202464",
"url": "https://bugzilla.suse.com/1202464"
},
{
"category": "self",
"summary": "SUSE Bug 1202602",
"url": "https://bugzilla.suse.com/1202602"
},
{
"category": "self",
"summary": "SUSE Bug 1202728",
"url": "https://bugzilla.suse.com/1202728"
},
{
"category": "self",
"summary": "SUSE Bug 1202729",
"url": "https://bugzilla.suse.com/1202729"
},
{
"category": "self",
"summary": "SUSE Bug 1202805",
"url": "https://bugzilla.suse.com/1202805"
},
{
"category": "self",
"summary": "SUSE Bug 1202899",
"url": "https://bugzilla.suse.com/1202899"
},
{
"category": "self",
"summary": "SUSE Bug 1203026",
"url": "https://bugzilla.suse.com/1203026"
},
{
"category": "self",
"summary": "SUSE Bug 1203049",
"url": "https://bugzilla.suse.com/1203049"
},
{
"category": "self",
"summary": "SUSE Bug 1203056",
"url": "https://bugzilla.suse.com/1203056"
},
{
"category": "self",
"summary": "SUSE Bug 1203169",
"url": "https://bugzilla.suse.com/1203169"
},
{
"category": "self",
"summary": "SUSE Bug 1203287",
"url": "https://bugzilla.suse.com/1203287"
},
{
"category": "self",
"summary": "SUSE Bug 1203288",
"url": "https://bugzilla.suse.com/1203288"
},
{
"category": "self",
"summary": "SUSE Bug 1203385",
"url": "https://bugzilla.suse.com/1203385"
},
{
"category": "self",
"summary": "SUSE Bug 1203406",
"url": "https://bugzilla.suse.com/1203406"
},
{
"category": "self",
"summary": "SUSE Bug 1203422",
"url": "https://bugzilla.suse.com/1203422"
},
{
"category": "self",
"summary": "SUSE Bug 1203449",
"url": "https://bugzilla.suse.com/1203449"
},
{
"category": "self",
"summary": "SUSE Bug 1203478",
"url": "https://bugzilla.suse.com/1203478"
},
{
"category": "self",
"summary": "SUSE Bug 1203484",
"url": "https://bugzilla.suse.com/1203484"
},
{
"category": "self",
"summary": "SUSE Bug 1203564",
"url": "https://bugzilla.suse.com/1203564"
},
{
"category": "self",
"summary": "SUSE Bug 1203585",
"url": "https://bugzilla.suse.com/1203585"
},
{
"category": "self",
"summary": "SUSE Bug 1203611",
"url": "https://bugzilla.suse.com/1203611"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-41411 page",
"url": "https://www.suse.com/security/cve/CVE-2021-41411/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-42740 page",
"url": "https://www.suse.com/security/cve/CVE-2021-42740/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-43138 page",
"url": "https://www.suse.com/security/cve/CVE-2021-43138/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0860 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0860/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-31129 page",
"url": "https://www.suse.com/security/cve/CVE-2022-31129/"
}
],
"title": "Security update for release-notes-susemanager, release-notes-susemanager-proxy",
"tracking": {
"current_release_date": "2022-10-26T08:58:54Z",
"generator": {
"date": "2022-10-26T08:58:54Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:3761-1",
"initial_release_date": "2022-10-26T08:58:54Z",
"revision_history": [
{
"date": "2022-10-26T08:58:54Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "release-notes-susemanager-4.3.2-150400.3.15.1.aarch64",
"product": {
"name": "release-notes-susemanager-4.3.2-150400.3.15.1.aarch64",
"product_id": "release-notes-susemanager-4.3.2-150400.3.15.1.aarch64"
}
},
{
"category": "product_version",
"name": "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.aarch64",
"product": {
"name": "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.aarch64",
"product_id": "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "release-notes-susemanager-4.3.2-150400.3.15.1.i586",
"product": {
"name": "release-notes-susemanager-4.3.2-150400.3.15.1.i586",
"product_id": "release-notes-susemanager-4.3.2-150400.3.15.1.i586"
}
},
{
"category": "product_version",
"name": "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.i586",
"product": {
"name": "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.i586",
"product_id": "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
"product": {
"name": "release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
"product_id": "release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le"
}
},
{
"category": "product_version",
"name": "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.ppc64le",
"product": {
"name": "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.ppc64le",
"product_id": "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
"product": {
"name": "release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
"product_id": "release-notes-susemanager-4.3.2-150400.3.15.1.s390x"
}
},
{
"category": "product_version",
"name": "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.s390x",
"product": {
"name": "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.s390x",
"product_id": "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "release-notes-susemanager-4.3.2-150400.3.15.1.x86_64",
"product": {
"name": "release-notes-susemanager-4.3.2-150400.3.15.1.x86_64",
"product_id": "release-notes-susemanager-4.3.2-150400.3.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
"product": {
"name": "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
"product_id": "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Manager Proxy 4.3",
"product": {
"name": "SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:4.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Retail Branch Server 4.3",
"product": {
"name": "SUSE Manager Retail Branch Server 4.3",
"product_id": "SUSE Manager Retail Branch Server 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-retail-branch-server:4.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.3",
"product": {
"name": "SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64 as component of SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64"
},
"product_reference": "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64 as component of SUSE Manager Retail Branch Server 4.3",
"product_id": "SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64"
},
"product_reference": "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le"
},
"product_reference": "release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "release-notes-susemanager-4.3.2-150400.3.15.1.s390x as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x"
},
"product_reference": "release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "release-notes-susemanager-4.3.2-150400.3.15.1.x86_64 as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64"
},
"product_reference": "release-notes-susemanager-4.3.2-150400.3.15.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-41411",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-41411"
}
],
"notes": [
{
"category": "general",
"text": "drools \u003c=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
"SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-41411",
"url": "https://www.suse.com/security/cve/CVE-2021-41411"
},
{
"category": "external",
"summary": "SUSE Bug 1200629 for CVE-2021-41411",
"url": "https://bugzilla.suse.com/1200629"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
"SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
"SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-10-26T08:58:54Z",
"details": "important"
}
],
"title": "CVE-2021-41411"
},
{
"cve": "CVE-2021-42740",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-42740"
}
],
"notes": [
{
"category": "general",
"text": "The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec(), an attacker can inject arbitrary commands. This is because the Windows drive letter regex character class is {A-z] instead of the correct {A-Za-z]. Several shell metacharacters exist in the space between capital letter Z and lower case letter a, such as the backtick character.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
"SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-42740",
"url": "https://www.suse.com/security/cve/CVE-2021-42740"
},
{
"category": "external",
"summary": "SUSE Bug 1203287 for CVE-2021-42740",
"url": "https://bugzilla.suse.com/1203287"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
"SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
"SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-10-26T08:58:54Z",
"details": "critical"
}
],
"title": "CVE-2021-42740"
},
{
"cve": "CVE-2021-43138",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-43138"
}
],
"notes": [
{
"category": "general",
"text": "In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
"SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-43138",
"url": "https://www.suse.com/security/cve/CVE-2021-43138"
},
{
"category": "external",
"summary": "SUSE Bug 1200480 for CVE-2021-43138",
"url": "https://bugzilla.suse.com/1200480"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
"SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
"SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-10-26T08:58:54Z",
"details": "important"
}
],
"title": "CVE-2021-43138"
},
{
"cve": "CVE-2022-0860",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0860"
}
],
"notes": [
{
"category": "general",
"text": "Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
"SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0860",
"url": "https://www.suse.com/security/cve/CVE-2022-0860"
},
{
"category": "external",
"summary": "SUSE Bug 1197027 for CVE-2022-0860",
"url": "https://bugzilla.suse.com/1197027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
"SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
"SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-10-26T08:58:54Z",
"details": "important"
}
],
"title": "CVE-2022-0860"
},
{
"cve": "CVE-2022-31129",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-31129"
}
],
"notes": [
{
"category": "general",
"text": "moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may notice a noticeable slowdown is observed with inputs above 10k characters. Users who pass user-provided strings without sanity length checks to moment constructor are vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4, the patch can be applied to all affected versions with minimal tweaking. Users are advised to upgrade. Users unable to upgrade should consider limiting date lengths accepted from user input.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
"SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-31129",
"url": "https://www.suse.com/security/cve/CVE-2022-31129"
},
{
"category": "external",
"summary": "SUSE Bug 1203288 for CVE-2022-31129",
"url": "https://bugzilla.suse.com/1203288"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
"SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
"SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
"SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-10-26T08:58:54Z",
"details": "important"
}
],
"title": "CVE-2022-31129"
}
]
}
SUSE-SU-2023:2575-1
Vulnerability from csaf_suse - Published: 2023-06-21 11:42 - Updated: 2023-06-21 11:42

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for SUSE Manager Client Tools",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update fixes the following issues:\n\ngrafana:\n\n- Version update from 8.5.22 to 9.5.1 (jsc#PED-3694):\n * Security fixes:\n - CVE-2023-1410: grafana: Stored XSS in Graphite FunctionDescription tooltip (bsc#1209645)\n - CVE-2023-1387: grafana: JWT URL-login flow leaks token to data sources through request parameter in proxy requests\n (bnc#1210907)\n - CVE-2022-36062: grafana: Fix RBAC folders/dashboards privilege escalation (bsc#1203596)\n - CVE-2022-35957: grafana: Escalation from admin to server admin when auth proxy is used (bsc#1203597)\n - CVE-2022-32149: Upgrade x/text to version unaffected by CVE-2022-32149 (bsc#1204501)\n - CVE-2022-31107: grafana: OAuth account takeover (bsc#1201539)\n - CVE-2022-31097: grafana: stored XSS vulnerability (bsc#1201535)\n - CVE-2022-27664: go1.18,go1.19: net/http: handle server errors after sending GOAWAY (bsc#1203185)\n - CVE-2022-0155: follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor\n - CVE-2021-43138: spacewalk-web: a malicious user can obtain privileges via the mapValues() method(bsc#1200480)\n - CVE-2021-3918: json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes\n (\u0027Prototype Pollution\u0027) (bsc#1192696)\n - CVE-2021-3807: node-ansi-regex: Inefficient Regular Expression Complexity in chalk/ansi-regex (bsc#1192154)\n - CVE-2020-7753: nodejs-trim: Regular Expression Denial of Service (ReDoS) in trim function \n * Important changes:\n - Default named retention policies won\u0027t be used to query.\n Users who have a default named retention policy in their influxdb database, have to rename it to something else.\n To change the hardcoded retention policy in the dashboard.json, users must then select the right retention policy\n from dropdown and save the panel/dashboard.\n - Grafana Alerting rules with NoDataState configuration set to Alerting will now respect \u0027For\u0027 duration.\n - Users who use LDAP role sync to only 
sync Viewer, Editor and Admin roles, but grant Grafana Server Admin role\n manually will not be able to do that anymore. After this change, LDAP role sync will override any manual changes\n to Grafana Server Admin role assignments. If grafana_admin is left unset in LDAP role mapping configuration, it\n will default to false.\n - The InfluxDB backend migration feature toggle (influxdbBackendMigration) has been reintroduced in this version\n as issues were discovered with backend processing of InfluxDB data. Unless this feature toggle is enabled, all\n InfluxDB data will be parsed in the frontend. This frontend processing is the default behavior. \n In Grafana 9.4.4, InfluxDB data parsing started to be handled in the backend. If you have upgraded to 9.4.4\n and then added new transformations on InfluxDB data, those panels will fail to render. To resolve this either:\n Remove the affected panel and re-create it or edit the `time` field as `Time` in `panel.json` \n or `dashboard.json`\n - The `@grafana/ui` package helper function `selectOptionInTest` used in frontend tests has been removed as it\n caused testing libraries to be bundled in the production code of Grafana. If you were using this helper function\n in your tests please update your code accordingly.\n - Removed deprecated `checkHealth` prop from the `@grafana/e2e` `addDataSource` configuration. Previously this\n value defaulted to `false`, and has not been used in end-to-end tests since Grafana 8.0.3.\n - Removed the deprecated `LegacyBaseMap`, `LegacyValueMapping`, `LegacyValueMap`, and `LegacyRangeMap` types, and\n `getMappedValue` function from grafana-data. See the documentation for the migration.\n This change fixes a bug in Grafana where intermittent failure of database, network between Grafana and the\n database, or error in querying the database would cause all alert rules to be unscheduled in Grafana. 
\n Following this change scheduled alert rules are not updated unless the query is successful.\n - The `get_alert_rules_duration_seconds` metric has been renamed to `schedule_query_alert_rules_duration_seconds`\n - Any secret (data sources credential, alert manager credential, etc, etc) created or modified with Grafana v9.0\n won\u0027t be decryptable from any previous version (by default) because the way encrypted secrets are stored into the\n database has changed. Although secrets created or modified with previous versions will still be decryptable by\n Grafana v9.0.\n - If required, although generally discouraged, the `disableEnvelopeEncryption` feature toggle can be enabled to\n keep envelope encryption disabled once updating to Grafana\n - In case of need to rollback to an earlier version of Grafana (i.e. Grafana v8.x) for any reason, after being\n created or modified any secret with Grafana v9.0, the `envelopeEncryption` feature toggle will need to be enabled\n to keep backwards compatibility (only from `v8.3.x` a bit unstable, from `8.5.x` stable).\n - As a final attempt to deal with issues related with the aforementioned situations, the \n `grafana-cli admin secrets-migration rollback` command has been designed to move back all the Grafana secrets\n encrypted with envelope encryption to legacy encryption. So, after running that command it should be safe to\n disable envelope encryption and/or roll back to a previous version of Grafana.\n Alternatively or complementarily to all the points above, backing up the Grafana database before updating could\n be a good idea to prevent disasters (although the risk of getting some secrets corrupted only applies to those \n updates/created with after updating to Grafana v9.0).\n - In Elasticsearch, browser access mode was deprecated in grafana 7.4.0 and removed in 9.0.0. 
If you used this mode\n please switch to server access mode on the datasource configuration page.\n - Environment variables passed from Grafana to external Azure plugins have been renamed:\n `AZURE_CLOUD` renamed to `GFAZPL_AZURE_CLOUD`,\n `AZURE_MANAGED_IDENTITY_ENABLED` renamed to `GFAZPL_MANAGED_IDENTITY_ENABLED`,\n `AZURE_MANAGED_IDENTITY_CLIENT_ID` renamed to `GFAZPL_MANAGED_IDENTITY_CLIENT_ID`.\n There are no known plugins which were relying on these variables. Moving forward plugins should read Azure\n settings only via Grafana Azure SDK which properly handles old and new environment variables.\n - Removes support for ElasticSearch versions after their end-of-life, currently versions \u003c 7.10.0.\n To continue to use ElasticSearch data source, upgrade ElasticSearch to version 7.10.0+.\n - Application Insights and Insight Analytics queries in Azure Monitor were deprecated in Grafana 8.0 and finally\n removed in 9.0. Deprecated queries will no longer be executed.\n - grafana/ui: Button now specifies a default type=\u0027button\u0027.\n The `Button` component provided by @grafana/ui now specifies a default `type=\u0027button\u0027` when no type is provided.\n In previous versions, if the attribute was not specified for buttons associated with a `\u003cform\u003e` the\n default value was `submit` per the specification. You can preserve the old behavior by explicitly setting the\n type attribute: `\u003cButton type=\u0027submit\u0027 /\u003e`\n - The `Rename by regex` transformation has been improved to allow global patterns of the form \n `/\u003cstringToReplace\u003e/g`.\n Depending on the regex match used, this may cause some transformations to behave slightly differently. You can\n guarantee the same behaviour as before by wrapping the `match` string in forward slashes (`/`), e.g. `(.*)` would\n become `/(.*)/`\n - `\u003cSelect /\u003e` menus will now portal to the document body by default. 
This is to give more consistent\n behaviour when positioning and overlaying. If you were setting `menuShouldPortal={true}` before you can safely \n remove that prop and behaviour will be the same. If you weren\u0027t explicitly setting that prop, there should be no\n visible changes in behaviour but your tests may need updating. If you were setting `menuShouldPortal={false}`\n this will continue to prevent the menu from portalling.\n - Grafana alerting endpoint prefixed with `api/v1/rule/test` that tests a rule against a Cortex/Loki data source now\n expects the data source UID as a path parameter instead of the data source numeric identifier.\n - Grafana alerting endpoints prefixed with `api/prometheus/` that proxy requests to a Cortex/Loki data source now\n expect the data source UID as a path parameter instead of the data source numeric identifier.\n - Grafana alerting endpoints prefixed with `api/ruler/` that proxy requests to a Cortex/Loki data source now expect\n the data source UID as a path parameter instead of the data\n - Grafana alerting endpoints prefixed with `api/alertmanager/` that proxy requests to an Alertmanager now expect\n the data source UID as a path parameter instead of the data source numeric identifier.\n - The format of log messages have been updated, `lvl` is now `level` and `eror` and `dbug` has been replaced with\n `error` and `debug`. The precision of timestamps has been increased.\n To smooth the transition, it is possible to opt-out of the new log format by enabling the feature toggle\n `oldlog`.\n This option will be removed in a future minor release.\n - In the Loki data source, the dataframe format used to represent Loki logs-data has been changed to a more\n efficient format. The query-result is represented by a single dataframe with a \u0027labels\u0027 column, instead of the\n separate dataframes for every labels-value. 
When displaying such data in explore, or in a logs-panel in the\n dashboard will continue to work without changes, but if the data was loaded into a different dashboard-panel, or\n Transforms were used, adjustments may be necessary. For example, if you used the \u0027labels to fields\u0027 \n transformation with the logs data, please switch to the \u0027extract fields\u0027 transformation.\n * Deprecations:\n - The `grafana_database_conn_*` metrics are deprecated, and will be removed in a future version of Grafana. Use \n the `go_sql_stats_*` metrics instead.\n - Support for compact Explore URLs is deprecated and will be removed in a future release. Until then, when\n navigating to Explore using the deprecated format the URLs are automatically converted. If you have\n existing links pointing to Explore update them using the format generated by Explore upon navigation.\n You can identify a compact URL by its format. Compact URLs have the left (and optionally right) url parameter as\n an array of strings, for example `\u0026left=[\u0027now-1h\u0027,\u0027now\u0027...]`. The standard explore URLs follow a key/value\n pattern, for example `\u0026left={\u0027datasource\u0027:\u0027test\u0027...}`. Please be sure to check your dashboards for any\n hardcoded links to Explore and update them to the standard URL pattern.\n - Chore: Remove deprecated DataSourceAPI methods.\n - Data: Remove deprecated types and functions from valueMappings.\n - Elasticsearch: Remove browser access mode.\n - Elasticsearch: Remove support for versions after their end of the life (\u003c7.10.0).\n - Explore: Remove support for legacy, compact format URLs.\n - Graph: Deprecate Graph (old) and make it no longer a visualization option for new panels.\n - `setExploreQueryField`, `setExploreMetricsQueryField` and `setExploreLogsQueryField` are now deprecated and will\n be removed in a future release. 
If you need to set a different query editor for Explore, conditionally render\n based on `props.app` in your regular query editor.\n * Changes:\n - User: Fix externalUserId not being populated.\n If you used any of these components please use them from grafana/experimental from now on:\n - AccessoryButton\n - EditorFieldGroup\n - EditorHeader\n - EditorField\n - EditorRow\n - EditorList\n - EditorRows\n - EditorSwitch\n - FlexItem\n - Stack\n - InlineSelect\n - InputGroup\n - Space\n - Starting with 9.1.0, existing heatmap panels will start using a new implementation. This can be disabled by\n setting the `useLegacyHeatmapPanel` feature flag to true. It can be tested on a single dashboard by adding\n `?__feature.useLegacyHeatmapPanel=true` to any dashboard URL.\n - Logger: Enable new logging format by default.\n - Loki: Enable new visual query builder by default.\n - Plugins: Remove plugin list panel.\n - Install wrapper scripts under /usr/sbin\n - Install actual binaries under /usr/libexec/grafana (or /usr/lib under older distributions) and create a symlink \n for wrapper scripts and the service (which expect the binary to be under /usr/share/grafana/bin)\n - Chore: Upgrade typescript to 4.6.4.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-2575,SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-2575,SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-2575,openSUSE-SLE-15.4-2023-2575,openSUSE-SLE-15.5-2023-2575",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_2575-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:2575-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20232575-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:2575-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2023-June/029953.html"
},
{
"category": "self",
"summary": "SUSE Bug 1192154",
"url": "https://bugzilla.suse.com/1192154"
},
{
"category": "self",
"summary": "SUSE Bug 1192696",
"url": "https://bugzilla.suse.com/1192696"
},
{
"category": "self",
"summary": "SUSE Bug 1200480",
"url": "https://bugzilla.suse.com/1200480"
},
{
"category": "self",
"summary": "SUSE Bug 1201535",
"url": "https://bugzilla.suse.com/1201535"
},
{
"category": "self",
"summary": "SUSE Bug 1201539",
"url": "https://bugzilla.suse.com/1201539"
},
{
"category": "self",
"summary": "SUSE Bug 1203185",
"url": "https://bugzilla.suse.com/1203185"
},
{
"category": "self",
"summary": "SUSE Bug 1203596",
"url": "https://bugzilla.suse.com/1203596"
},
{
"category": "self",
"summary": "SUSE Bug 1203597",
"url": "https://bugzilla.suse.com/1203597"
},
{
"category": "self",
"summary": "SUSE Bug 1204501",
"url": "https://bugzilla.suse.com/1204501"
},
{
"category": "self",
"summary": "SUSE Bug 1209645",
"url": "https://bugzilla.suse.com/1209645"
},
{
"category": "self",
"summary": "SUSE Bug 1210907",
"url": "https://bugzilla.suse.com/1210907"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-7753 page",
"url": "https://www.suse.com/security/cve/CVE-2020-7753/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3807 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3807/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3918 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3918/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-43138 page",
"url": "https://www.suse.com/security/cve/CVE-2021-43138/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0155 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0155/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-27664 page",
"url": "https://www.suse.com/security/cve/CVE-2022-27664/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-31097 page",
"url": "https://www.suse.com/security/cve/CVE-2022-31097/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-31107 page",
"url": "https://www.suse.com/security/cve/CVE-2022-31107/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-32149 page",
"url": "https://www.suse.com/security/cve/CVE-2022-32149/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-35957 page",
"url": "https://www.suse.com/security/cve/CVE-2022-35957/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-36062 page",
"url": "https://www.suse.com/security/cve/CVE-2022-36062/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1387 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1387/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1410 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1410/"
}
],
"title": "Security update for SUSE Manager Client Tools",
"tracking": {
"current_release_date": "2023-06-21T11:42:33Z",
"generator": {
"date": "2023-06-21T11:42:33Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:2575-1",
"initial_release_date": "2023-06-21T11:42:33Z",
"revision_history": [
{
"date": "2023-06-21T11:42:33Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "grafana-9.5.1-150200.3.41.3.aarch64",
"product": {
"name": "grafana-9.5.1-150200.3.41.3.aarch64",
"product_id": "grafana-9.5.1-150200.3.41.3.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-9.5.1-150200.3.41.3.i586",
"product": {
"name": "grafana-9.5.1-150200.3.41.3.i586",
"product_id": "grafana-9.5.1-150200.3.41.3.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-9.5.1-150200.3.41.3.ppc64le",
"product": {
"name": "grafana-9.5.1-150200.3.41.3.ppc64le",
"product_id": "grafana-9.5.1-150200.3.41.3.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-9.5.1-150200.3.41.3.s390x",
"product": {
"name": "grafana-9.5.1-150200.3.41.3.s390x",
"product_id": "grafana-9.5.1-150200.3.41.3.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-9.5.1-150200.3.41.3.x86_64",
"product": {
"name": "grafana-9.5.1-150200.3.41.3.x86_64",
"product_id": "grafana-9.5.1-150200.3.41.3.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:15:sp5"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-9.5.1-150200.3.41.3.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64"
},
"product_reference": "grafana-9.5.1-150200.3.41.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-9.5.1-150200.3.41.3.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le"
},
"product_reference": "grafana-9.5.1-150200.3.41.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-9.5.1-150200.3.41.3.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x"
},
"product_reference": "grafana-9.5.1-150200.3.41.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-9.5.1-150200.3.41.3.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64"
},
"product_reference": "grafana-9.5.1-150200.3.41.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-9.5.1-150200.3.41.3.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64"
},
"product_reference": "grafana-9.5.1-150200.3.41.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-9.5.1-150200.3.41.3.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le"
},
"product_reference": "grafana-9.5.1-150200.3.41.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-9.5.1-150200.3.41.3.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x"
},
"product_reference": "grafana-9.5.1-150200.3.41.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-9.5.1-150200.3.41.3.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64"
},
"product_reference": "grafana-9.5.1-150200.3.41.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-9.5.1-150200.3.41.3.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64"
},
"product_reference": "grafana-9.5.1-150200.3.41.3.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-9.5.1-150200.3.41.3.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le"
},
"product_reference": "grafana-9.5.1-150200.3.41.3.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-9.5.1-150200.3.41.3.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x"
},
"product_reference": "grafana-9.5.1-150200.3.41.3.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-9.5.1-150200.3.41.3.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64"
},
"product_reference": "grafana-9.5.1-150200.3.41.3.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-9.5.1-150200.3.41.3.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64"
},
"product_reference": "grafana-9.5.1-150200.3.41.3.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-9.5.1-150200.3.41.3.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le"
},
"product_reference": "grafana-9.5.1-150200.3.41.3.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-9.5.1-150200.3.41.3.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x"
},
"product_reference": "grafana-9.5.1-150200.3.41.3.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-9.5.1-150200.3.41.3.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64"
},
"product_reference": "grafana-9.5.1-150200.3.41.3.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-7753",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-7753"
}
],
"notes": [
{
"category": "general",
"text": "All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-7753",
"url": "https://www.suse.com/security/cve/CVE-2020-7753"
},
{
"category": "external",
"summary": "SUSE Bug 1218843 for CVE-2020-7753",
"url": "https://bugzilla.suse.com/1218843"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-06-21T11:42:33Z",
"details": "important"
}
],
"title": "CVE-2020-7753"
},
{
"cve": "CVE-2021-3807",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3807"
}
],
"notes": [
{
"category": "general",
"text": "ansi-regex is vulnerable to Inefficient Regular Expression Complexity",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3807",
"url": "https://www.suse.com/security/cve/CVE-2021-3807"
},
{
"category": "external",
"summary": "SUSE Bug 1192154 for CVE-2021-3807",
"url": "https://bugzilla.suse.com/1192154"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-06-21T11:42:33Z",
"details": "important"
}
],
"title": "CVE-2021-3807"
},
{
"cve": "CVE-2021-3918",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3918"
}
],
"notes": [
{
"category": "general",
"text": "json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3918",
"url": "https://www.suse.com/security/cve/CVE-2021-3918"
},
{
"category": "external",
"summary": "SUSE Bug 1192696 for CVE-2021-3918",
"url": "https://bugzilla.suse.com/1192696"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-06-21T11:42:33Z",
"details": "important"
}
],
"title": "CVE-2021-3918"
},
{
"cve": "CVE-2021-43138",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-43138"
}
],
"notes": [
{
"category": "general",
"text": "In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-43138",
"url": "https://www.suse.com/security/cve/CVE-2021-43138"
},
{
"category": "external",
"summary": "SUSE Bug 1200480 for CVE-2021-43138",
"url": "https://bugzilla.suse.com/1200480"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-06-21T11:42:33Z",
"details": "important"
}
],
"title": "CVE-2021-43138"
},
{
"cve": "CVE-2022-0155",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0155"
}
],
"notes": [
{
"category": "general",
"text": "follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0155",
"url": "https://www.suse.com/security/cve/CVE-2022-0155"
},
{
"category": "external",
"summary": "SUSE Bug 1218844 for CVE-2022-0155",
"url": "https://bugzilla.suse.com/1218844"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-06-21T11:42:33Z",
"details": "moderate"
}
],
"title": "CVE-2022-0155"
},
{
"cve": "CVE-2022-27664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-27664"
}
],
"notes": [
{
"category": "general",
"text": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-27664",
"url": "https://www.suse.com/security/cve/CVE-2022-27664"
},
{
"category": "external",
"summary": "SUSE Bug 1203185 for CVE-2022-27664",
"url": "https://bugzilla.suse.com/1203185"
},
{
"category": "external",
"summary": "SUSE Bug 1203293 for CVE-2022-27664",
"url": "https://bugzilla.suse.com/1203293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-06-21T11:42:33Z",
"details": "important"
}
],
"title": "CVE-2022-27664"
},
{
"cve": "CVE-2022-31097",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-31097"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability to escalate privilege from editor to admin by tricking an authenticated admin to click on a link. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch. As a workaround, it is possible to disable alerting or use legacy alerting.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-31097",
"url": "https://www.suse.com/security/cve/CVE-2022-31097"
},
{
"category": "external",
"summary": "SUSE Bug 1201535 for CVE-2022-31097",
"url": "https://bugzilla.suse.com/1201535"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-06-21T11:42:33Z",
"details": "important"
}
],
"title": "CVE-2022-31097"
},
{
"cve": "CVE-2022-31107",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-31107"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take over the account of another user in that Grafana instance. This can occur when the malicious user is authorized to log in to Grafana via OAuth, the malicious user\u0027s external user id is not already associated with an account in Grafana, the malicious user\u0027s email address is not already associated with an account in Grafana, and the malicious user knows the Grafana username of the target user. If these conditions are met, the malicious user can set their username in the OAuth provider to that of the target user, then go through the OAuth flow to log in to Grafana. Due to the way that external and internal user accounts are linked together during login, if the conditions above are all met then the malicious user will be able to log in to the target user\u0027s Grafana account. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch for this issue. As a workaround, concerned users can disable OAuth login to their Grafana instance, or ensure that all users authorized to log in via OAuth have a corresponding user account in Grafana linked to their email address.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-31107",
"url": "https://www.suse.com/security/cve/CVE-2022-31107"
},
{
"category": "external",
"summary": "SUSE Bug 1201539 for CVE-2022-31107",
"url": "https://bugzilla.suse.com/1201539"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-06-21T11:42:33Z",
"details": "important"
}
],
"title": "CVE-2022-31107"
},
{
"cve": "CVE-2022-32149",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-32149"
}
],
"notes": [
{
"category": "general",
"text": "An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-32149",
"url": "https://www.suse.com/security/cve/CVE-2022-32149"
},
{
"category": "external",
"summary": "SUSE Bug 1204501 for CVE-2022-32149",
"url": "https://bugzilla.suse.com/1204501"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-06-21T11:42:33Z",
"details": "important"
}
],
"title": "CVE-2022-32149"
},
{
"cve": "CVE-2022-35957",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-35957"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13 are vulnerable to an escalation from admin to server admin when auth proxy is used, allowing an admin to take over the server admin account and gain full control of the grafana instance. All installations should be upgraded as soon as possible. As a workaround deactivate auth proxy following the instructions at: https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/auth-proxy/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-35957",
"url": "https://www.suse.com/security/cve/CVE-2022-35957"
},
{
"category": "external",
"summary": "SUSE Bug 1203597 for CVE-2022-35957",
"url": "https://bugzilla.suse.com/1203597"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-06-21T11:42:33Z",
"details": "moderate"
}
],
"title": "CVE-2022-35957"
},
{
"cve": "CVE-2022-36062",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-36062"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. In versions prior to 8.5.13, 9.0.9, and 9.1.6, Grafana is subject to Improper Preservation of Permissions resulting in privilege escalation on some folders where Admin is the only used permission. The vulnerability impacts Grafana instances where RBAC was disabled and enabled afterwards, as the migrations which are translating legacy folder permissions to RBAC permissions do not account for the scenario where the only user permission in the folder is Admin, as a result RBAC adds permissions for Editors and Viewers which allow them to edit and view folders accordingly. This issue has been patched in versions 8.5.13, 9.0.9, and 9.1.6. A workaround when the impacted folder/dashboard is known is to remove the additional permissions manually.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-36062",
"url": "https://www.suse.com/security/cve/CVE-2022-36062"
},
{
"category": "external",
"summary": "SUSE Bug 1203596 for CVE-2022-36062",
"url": "https://bugzilla.suse.com/1203596"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-06-21T11:42:33Z",
"details": "moderate"
}
],
"title": "CVE-2022-36062"
},
{
"cve": "CVE-2023-1387",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1387"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. \n\nStarting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter auth_token and use it as the authentication token. \n\nBy enabling the \"url_login\" configuration option (disabled by default), a JWT might be sent to data sources. If an attacker has access to the data source, the leaked token could be used to authenticate to Grafana.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1387",
"url": "https://www.suse.com/security/cve/CVE-2023-1387"
},
{
"category": "external",
"summary": "SUSE Bug 1210907 for CVE-2023-1387",
"url": "https://bugzilla.suse.com/1210907"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-06-21T11:42:33Z",
"details": "moderate"
}
],
"title": "CVE-2023-1387"
},
{
"cve": "CVE-2023-1410",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1410"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. \n\nGrafana had a stored XSS vulnerability in the Graphite FunctionDescription tooltip. \n\nThe stored XSS vulnerability was possible due the value of the Function Description was not properly sanitized.\n\nAn attacker needs to have control over the Graphite data source in order to manipulate a function description and a Grafana admin needs to configure the data source, later a Grafana user needs to select a tampered function and hover over the description. \n\n Users may upgrade to version 8.5.22, 9.2.15 and 9.3.11 to receive a fix.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1410",
"url": "https://www.suse.com/security/cve/CVE-2023-1410"
},
{
"category": "external",
"summary": "SUSE Bug 1209645 for CVE-2023-1410",
"url": "https://bugzilla.suse.com/1209645"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
"openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-06-21T11:42:33Z",
"details": "moderate"
}
],
"title": "CVE-2023-1410"
}
]
}
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.