CVE-2021-43859 (GCVE-0-2021-43859)
Vulnerability from cvelistv5 – Published: 2022-02-01 12:08 – Updated: 2025-11-03 21:45
CWE-400 - Uncontrolled Resource Consumption
| URL | Tags |
|---|---|
| https://github.com/x-stream/xstream/security/advi… | x_refsource_CONFIRM |
| https://github.com/x-stream/xstream/commit/e8e886… | x_refsource_MISC |
| https://x-stream.github.io/CVE-2021-43859.html | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2022/02/09/1 | mailing-list, x_refsource_MLIST |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory, x_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory, x_refsource_FEDORA |
| https://lists.debian.org/debian-lts-announce/2022… | mailing-list, x_refsource_MLIST |
| https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC |
| https://www.oracle.com/security-alerts/cpujul2022.html | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2024… | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:45:34.625Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/x-stream/xstream/security/advisories/GHSA-rmr5-cpv2-vgjf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/x-stream/xstream/commit/e8e88621ba1c85ac3b8620337dd672e0c0c3a846"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://x-stream.github.io/CVE-2021-43859.html"
},
{
"name": "[oss-security] 20220209 Vulnerability in Jenkins",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/02/09/1"
},
{
"name": "FEDORA-2022-ad5cf1c0dd",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XODFRE2ZL64FICBJDOPWOLPTSSAI4U7X/"
},
{
"name": "FEDORA-2022-983a78275c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VACQYG356OHUTD5WQGAQ4L2TTFTAV3SJ/"
},
{
"name": "[debian-lts-announce] 20220215 [SECURITY] [DLA 2924-1] libxstream-java security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00018.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00023.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-43859",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T15:42:17.720370Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T18:27:42.489Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "xstream",
"vendor": "x-stream",
"versions": [
{
"status": "affected",
"version": "\u003c 1.4.19"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. XStream 1.4.19 monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded. Users are advised to upgrade as soon as possible. Users unable to upgrade may set the NO_REFERENCE mode to prevent recursion. See GHSA-rmr5-cpv2-vgjf for further details on a workaround if an upgrade is not possible."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T16:40:35.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/x-stream/xstream/security/advisories/GHSA-rmr5-cpv2-vgjf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/x-stream/xstream/commit/e8e88621ba1c85ac3b8620337dd672e0c0c3a846"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://x-stream.github.io/CVE-2021-43859.html"
},
{
"name": "[oss-security] 20220209 Vulnerability in Jenkins",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/02/09/1"
},
{
"name": "FEDORA-2022-ad5cf1c0dd",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XODFRE2ZL64FICBJDOPWOLPTSSAI4U7X/"
},
{
"name": "FEDORA-2022-983a78275c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VACQYG356OHUTD5WQGAQ4L2TTFTAV3SJ/"
},
{
"name": "[debian-lts-announce] 20220215 [SECURITY] [DLA 2924-1] libxstream-java security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00018.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"source": {
"advisory": "GHSA-rmr5-cpv2-vgjf",
"discovery": "UNKNOWN"
},
"title": "Denial of Service by injecting highly recursive collections or maps in XStream",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-43859",
"STATE": "PUBLIC",
"TITLE": "Denial of Service by injecting highly recursive collections or maps in XStream"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "xstream",
"version": {
"version_data": [
{
"version_value": "\u003c 1.4.19"
}
]
}
}
]
},
"vendor_name": "x-stream"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. XStream 1.4.19 monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded. Users are advised to upgrade as soon as possible. Users unable to upgrade may set the NO_REFERENCE mode to prevent recursion. See GHSA-rmr5-cpv2-vgjf for further details on a workaround if an upgrade is not possible."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/x-stream/xstream/security/advisories/GHSA-rmr5-cpv2-vgjf",
"refsource": "CONFIRM",
"url": "https://github.com/x-stream/xstream/security/advisories/GHSA-rmr5-cpv2-vgjf"
},
{
"name": "https://github.com/x-stream/xstream/commit/e8e88621ba1c85ac3b8620337dd672e0c0c3a846",
"refsource": "MISC",
"url": "https://github.com/x-stream/xstream/commit/e8e88621ba1c85ac3b8620337dd672e0c0c3a846"
},
{
"name": "https://x-stream.github.io/CVE-2021-43859.html",
"refsource": "MISC",
"url": "https://x-stream.github.io/CVE-2021-43859.html"
},
{
"name": "[oss-security] 20220209 Vulnerability in Jenkins",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/02/09/1"
},
{
"name": "FEDORA-2022-ad5cf1c0dd",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XODFRE2ZL64FICBJDOPWOLPTSSAI4U7X/"
},
{
"name": "FEDORA-2022-983a78275c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VACQYG356OHUTD5WQGAQ4L2TTFTAV3SJ/"
},
{
"name": "[debian-lts-announce] 20220215 [SECURITY] [DLA 2924-1] libxstream-java security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00018.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
},
"source": {
"advisory": "GHSA-rmr5-cpv2-vgjf",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-43859",
"datePublished": "2022-02-01T12:08:57.000Z",
"dateReserved": "2021-11-16T00:00:00.000Z",
"dateUpdated": "2025-11-03T21:45:34.625Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-43859",
"date": "2026-06-05",
"epss": "0.01863",
"percentile": "0.83439"
}
}
}
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Red Hat Inc., Fedora Project, Novell Inc., Xstream Project, IBM Corp., \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), 3.11 (OpenShift Container Platform), 7 (Jboss Fuse), 10 (Debian GNU/Linux), 7 (Red Hat Descision Manager), 4 (OpenShift Container Platform), 6 (Jboss Fuse), 12 (CodeReady Studio), 8 (Data Grid), 34 (Fedora), - (Red Hat Integration Camel K), 15.3 (OpenSUSE Leap), - (Red Hat Integration Camel Quarkus), 11 (Debian GNU/Linux), 35 (Fedora), - (Red Hat Integration), \u0434\u043e 1.4.19 (XStream), \u043e\u0442 7.3 \u0434\u043e 7.3.3 Fix Pack 12 (IBM QRadar SIEM), \u043e\u0442 7.4 \u0434\u043e 7.4.3 Fix Pack 6 (IBM QRadar SIEM), \u043e\u0442 7.5 \u0434\u043e 7.5.0 Update Pack 2 (IBM QRadar SIEM), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Xstream:\nhttps://github.com/x-stream/xstream/security/advisories/GHSA-rmr5-cpv2-vgjf\nhttps://x-stream.github.io/CVE-2021-43859.html\nhttps://github.com/x-stream/xstream/commit/e8e88621ba1c85ac3b8620337dd672e0c0c3a846\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2021-43859\nhttps://lists.debian.org/debian-lts-announce/2022/02/msg00018.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/cve-2021-43859\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2021-43859.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 IBM Corp.:\nhttps://www.ibm.com/support/pages/node/6614725\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f libxstream-java \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.4.11.1-1+deb9u5",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "01.02.2022",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "21.11.2023",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "05.09.2022",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-05508",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-43859",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, OpenShift Container Platform, Jboss Fuse, Red Hat Descision Manager, CodeReady Studio, Data Grid, Fedora, Red Hat Integration Camel K, OpenSUSE Leap, Red Hat Integration Camel Quarkus, Red Hat Integration, XStream, IBM QRadar SIEM, \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Fedora Project Fedora 34 , Novell Inc. OpenSUSE Leap 15.3 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , Fedora Project Fedora 35 , \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c Java-\u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u0434\u043b\u044f \u043f\u0440\u0435\u043e\u0431\u0440\u0430\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u043e\u0431\u044a\u0435\u043a\u0442\u043e\u0432 \u0432 XML \u0438\u043b\u0438 JSON \u0444\u043e\u0440\u043c\u0430\u0442 Xstream, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u043c \u0440\u0430\u0441\u0445\u043e\u0434\u043e\u043c \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u0439 \u0440\u0430\u0441\u0445\u043e\u0434 \u0440\u0435\u0441\u0443\u0440\u0441\u0430 (\u00ab\u0418\u0441\u0442\u043e\u0449\u0435\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u00bb) (CWE-400)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c Java-\u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u0434\u043b\u044f \u043f\u0440\u0435\u043e\u0431\u0440\u0430\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u043e\u0431\u044a\u0435\u043a\u0442\u043e\u0432 \u0432 XML \u0438\u043b\u0438 JSON \u0444\u043e\u0440\u043c\u0430\u0442 Xstream \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u043c \u0440\u0430\u0441\u0445\u043e\u0434\u043e\u043c \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u0441\u0447\u0435\u0440\u043f\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/x-stream/xstream/security/advisories/GHSA-rmr5-cpv2-vgjf\nhttps://x-stream.github.io/CVE-2021-43859.html\nhttps://github.com/x-stream/xstream/commit/e8e88621ba1c85ac3b8620337dd672e0c0c3a846\nhttps://security-tracker.debian.org/tracker/CVE-2021-43859\nhttps://lists.debian.org/debian-lts-announce/2022/02/msg00018.html\nhttps://access.redhat.com/security/cve/cve-2021-43859\nhttps://www.suse.com/security/cve/CVE-2021-43859.html\nhttps://www.ibm.com/support/pages/node/6614725\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0437\u0430\u0449\u0438\u0442\u044b",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-400",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}
bit-jenkins-2021-43859
Vulnerability from bitnami_vulndb
XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. XStream 1.4.19 monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded. Users are advised to upgrade as soon as possible. Users unable to upgrade may set the NO_REFERENCE mode to prevent recursion. See GHSA-rmr5-cpv2-vgjf for further details on a workaround if an upgrade is not possible.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "jenkins",
"purl": "pkg:bitnami/jenkins"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.319.3"
},
{
"introduced": "2.321.0"
},
{
"fixed": "2.334.0"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2021-43859"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*"
],
"severity": "High"
},
"details": "XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. XStream 1.4.19 monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded. Users are advised to upgrade as soon as possible. Users unable to upgrade may set the NO_REFERENCE mode to prevent recursion. See GHSA-rmr5-cpv2-vgjf for further details on a workaround if an upgrade is not possible.",
"id": "BIT-jenkins-2021-43859",
"modified": "2025-11-06T13:25:46.476Z",
"published": "2025-05-26T07:13:32.699Z",
"references": [
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2022/02/09/1"
},
{
"type": "WEB",
"url": "https://github.com/x-stream/xstream/commit/e8e88621ba1c85ac3b8620337dd672e0c0c3a846"
},
{
"type": "WEB",
"url": "https://github.com/x-stream/xstream/security/advisories/GHSA-rmr5-cpv2-vgjf"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00018.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VACQYG356OHUTD5WQGAQ4L2TTFTAV3SJ/"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XODFRE2ZL64FICBJDOPWOLPTSSAI4U7X/"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43859"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"type": "WEB",
"url": "https://x-stream.github.io/CVE-2021-43859.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00023.html"
}
],
"schema_version": "1.6.2",
"summary": "Denial of Service by injecting highly recursive collections or maps in XStream"
}
CERTFR-2022-AVI-597
Vulnerability from certfr_avis - Published: 2022-07-01 - Updated: 2022-07-01
Multiple vulnerabilities have been discovered in IBM Spectrum Protect Plus. Some of them allow an attacker to cause remote arbitrary code execution, remote denial of service, and a security policy bypass.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Spectrum Protect Plus versions 10.1.x ant\u00e9rieures \u00e0 10.1.11",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-3733",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3733"
},
{
"name": "CVE-2021-20254",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20254"
},
{
"name": "CVE-2021-23192",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23192"
},
{
"name": "CVE-2021-43859",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43859"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2021-3712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
},
{
"name": "CVE-2020-25717",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25717"
}
],
"initial_release_date": "2022-07-01T00:00:00",
"last_revision_date": "2022-07-01T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-597",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-07-01T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM Spectrum\nProtect Plus. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM Spectrum Protect Plus",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6596981 du 29 juin 2022",
"url": "https://www.ibm.com/support/pages/node/6596981"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6596973 du 29 juin 2022",
"url": "https://www.ibm.com/support/pages/node/6596973"
}
]
}
CERTFR-2022-AVI-767
Vulnerability from certfr_avis - Published: 2022-08-24 - Updated: 2022-08-24
Multiple vulnerabilities have been discovered in IBM products. Some of them allow an attacker to cause remote arbitrary code execution, remote denial of service, and a security policy bypass.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.3.x prior to 7.3.3 Fix Pack 12 |
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.5.x prior to 7.5.0 Update Pack 2 |
| IBM | Spectrum | IBM Spectrum Discover versions prior to 2.0.4.7 |
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.4.x prior to 7.4.3 Fix Pack 6 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM QRadar SIEM versions 7.3.x ant\u00e9rieures \u00e0 7.3.3 Fix Pack 12",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 Update Pack 2",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Discover versions ant\u00e9rieures \u00e0 2.0.4.7",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.4.x ant\u00e9rieures \u00e0 7.4.3 Fix Pack 6",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
},
{
"name": "CVE-2021-20180",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20180"
},
{
"name": "CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"name": "CVE-2022-24407",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24407"
},
{
"name": "CVE-2020-25658",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25658"
},
{
"name": "CVE-2020-15084",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15084"
},
{
"name": "CVE-2021-28169",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28169"
},
{
"name": "CVE-2021-3677",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3677"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2022-24773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24773"
},
{
"name": "CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2020-7720",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7720"
},
{
"name": "CVE-2022-24302",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24302"
},
{
"name": "CVE-2020-14330",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14330"
},
{
"name": "CVE-2021-42581",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42581"
},
{
"name": "CVE-2021-43138",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43138"
},
{
"name": "CVE-2021-28163",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28163"
},
{
"name": "CVE-2021-28165",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28165"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"name": "CVE-2021-4083",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4083"
},
{
"name": "CVE-2021-43859",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43859"
},
{
"name": "CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"name": "CVE-2021-41496",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41496"
},
{
"name": "CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"name": "CVE-2021-46462",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46462"
},
{
"name": "CVE-2021-22060",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22060"
},
{
"name": "CVE-2021-23386",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23386"
},
{
"name": "CVE-2022-0718",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0718"
},
{
"name": "CVE-2019-18874",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18874"
},
{
"name": "CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"name": "CVE-2022-1214",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1214"
},
{
"name": "CVE-2022-24772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24772"
},
{
"name": "CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"name": "CVE-2022-22720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22720"
},
{
"name": "CVE-2021-34429",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34429"
},
{
"name": "CVE-2022-0122",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0122"
},
{
"name": "CVE-2021-28164",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28164"
},
{
"name": "CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"name": "CVE-2022-24771",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24771"
},
{
"name": "CVE-2021-44907",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44907"
},
{
"name": "CVE-2017-1000048",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000048"
},
{
"name": "CVE-2021-46461",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46461"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
},
{
"name": "CVE-2021-34141",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34141"
},
{
"name": "CVE-2020-13757",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13757"
},
{
"name": "CVE-2020-7598",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7598"
},
{
"name": "CVE-2021-3533",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3533"
},
{
"name": "CVE-2021-46463",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46463"
},
{
"name": "CVE-2017-16137",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16137"
},
{
"name": "CVE-2022-26488",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26488"
},
{
"name": "CVE-2021-34428",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34428"
},
{
"name": "CVE-2020-28463",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28463"
}
],
"initial_release_date": "2022-08-24T00:00:00",
"last_revision_date": "2022-08-24T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-767",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-08-24T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6614909 du 23 ao\u00fbt 2022",
"url": "https://www.ibm.com/support/pages/node/6614909"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6614725 du 23 ao\u00fbt 2022",
"url": "https://www.ibm.com/support/pages/node/6614725"
}
]
}
FKIE_CVE-2021-43859
Vulnerability from fkie_nvd - Published: 2022-02-01 12:15 - Updated: 2025-11-03 22:15
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
| Vendor | Product | Version | |
|---|---|---|---|
| jenkins | jenkins | * | |
| jenkins | jenkins | * | |
| xstream | xstream | * | |
| fedoraproject | fedora | 34 | |
| fedoraproject | fedora | 35 | |
| debian | debian_linux | 9.0 | |
| oracle | commerce_guided_search | 11.3.2 | |
| oracle | communications_brm_-_elastic_charging_engine | * | |
| oracle | communications_brm_-_elastic_charging_engine | 12.0.0.5.0 | |
| oracle | communications_cloud_native_core_automated_test_suite | 1.9.0 | |
| oracle | communications_diameter_intelligence_hub | * | |
| oracle | communications_diameter_intelligence_hub | * | |
| oracle | communications_policy_management | 12.6.0.0.0 | |
| oracle | flexcube_private_banking | 12.1.0 | |
| oracle | retail_xstore_point_of_service | 16.0.6 | |
| oracle | retail_xstore_point_of_service | 17.0.4 | |
| oracle | retail_xstore_point_of_service | 18.0.3 | |
| oracle | retail_xstore_point_of_service | 19.0.2 | |
| oracle | retail_xstore_point_of_service | 20.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1674952F-9FE6-41CE-8E95-820A8DAE11A2",
"versionEndExcluding": "2.319.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65D41C52-C269-4331-9046-00F632051EE5",
"versionEndExcluding": "2.334",
"versionStartIncluding": "2.321",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xstream:xstream:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DCA65796-3537-4CE0-A53E-5310EB9EE5CA",
"versionEndExcluding": "1.4.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2A3622F5-5976-4BBC-A147-FC8A6431EA79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6894D860-000E-439D-8AB7-07E9B2ACC31B",
"versionEndExcluding": "12.0.0.4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FD66C717-85E0-40E7-A51F-549C8196D557",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A4CA84D6-F312-4C29-A02B-050FCB7A902B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5B4A191-44AE-4C35-9164-19237D2CF013",
"versionEndIncluding": "8.1.0",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BF2D5AD-F582-453F-9946-23CDFC4EA729",
"versionEndIncluding": "8.2.6",
"versionStartIncluding": "8.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_policy_management:12.6.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "02AEDB9F-1040-4840-ACB6-8BF299886ACB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1B74B912-152D-4F38-9FC1-741D6D0B27FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "490B2C44-CECD-4551-B04F-4076D0E053C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DEC41EB8-73B4-4BDF-9321-F34EC0BAF9E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "48EFC111-B01B-4C34-87E4-D6B2C40C0122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "073FEA23-E46A-4C73-9D29-95CFF4F5A59D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A69FB468-EAF3-4E67-95E7-DF92C281C1F1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. XStream 1.4.19 monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded. Users are advised to upgrade as soon as possible. Users unable to upgrade may set the NO_REFERENCE mode to prevent recursion. See GHSA-rmr5-cpv2-vgjf for further details on a workaround if an upgrade is not possible."
},
{
"lang": "es",
"value": "XStream es una biblioteca java de c\u00f3digo abierto para serializar objetos a XML y viceversa. Las versiones anteriores a 1.4.19, pueden permitir a un atacante remoto asignar el 100% del tiempo de la CPU en el sistema de destino, dependiendo del tipo de CPU o de la ejecuci\u00f3n en paralelo de dicha carga \u00fatil, resultando en una denegaci\u00f3n de servicio \u00fanicamente mediante la manipulaci\u00f3n del flujo de entrada procesado. XStream versi\u00f3n 1.4.19 monitoriza y acumula el tiempo que tarda en a\u00f1adir elementos a las colecciones y lanza una excepci\u00f3n si es superado un umbral establecido. Se recomienda a usuarios que actualicen lo antes posible. Los usuarios que no puedan actualizar pueden establecer el modo NO_REFERENCE para impedir una recursi\u00f3n. Ver GHSA-rmr5-cpv2-vgjf para m\u00e1s detalles sobre una medida de mitigaci\u00f3n adicional si una actualizaci\u00f3n no es posible"
}
],
"id": "CVE-2021-43859",
"lastModified": "2025-11-03T22:15:52.883",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-01T12:15:08.080",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/02/09/1"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/x-stream/xstream/commit/e8e88621ba1c85ac3b8620337dd672e0c0c3a846"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/x-stream/xstream/security/advisories/GHSA-rmr5-cpv2-vgjf"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00018.html"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VACQYG356OHUTD5WQGAQ4L2TTFTAV3SJ/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XODFRE2ZL64FICBJDOPWOLPTSSAI4U7X/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://x-stream.github.io/CVE-2021-43859.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/02/09/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/x-stream/xstream/commit/e8e88621ba1c85ac3b8620337dd672e0c0c3a846"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/x-stream/xstream/security/advisories/GHSA-rmr5-cpv2-vgjf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VACQYG356OHUTD5WQGAQ4L2TTFTAV3SJ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XODFRE2ZL64FICBJDOPWOLPTSSAI4U7X/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://x-stream.github.io/CVE-2021-43859.html"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-RMR5-CPV2-VGJF
Vulnerability from github – Published: 2022-02-01 00:48 – Updated: 2025-11-04 16:34
Impact
The vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream.
Patches
XStream 1.4.19 monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded.
Workarounds
The attack uses the hash code implementation for collections and maps to force an exponential calculation time due to highly recursive structures within the collection or map. The following types of the Java runtime are affected in Java versions available in December 2021:
- java.util.HashMap
- java.util.HashSet
- java.util.Hashtable
- java.util.LinkedHashMap
- java.util.LinkedHashSet
- java.util.Stack (older Java revisions only)
- java.util.Vector (older Java revisions only)
- Other third party collection implementations that use their element's hash code may also be affected
If your object graph does not use referenced elements at all, you may simply set the NO_REFERENCE mode:
```Java
XStream xstream = new XStream();
// Disable reference handling so the stream cannot build recursive structures
xstream.setMode(XStream.NO_REFERENCES);
```
If your object graph contains neither a Hashtable, HashMap nor a HashSet (or one of their linked variants), then you can use the security framework to deny the usage of these types:
```Java
XStream xstream = new XStream();
// Reject the affected hash-based collection types during unmarshalling
xstream.denyTypes(new Class[]{
    java.util.HashMap.class, java.util.HashSet.class, java.util.Hashtable.class, java.util.LinkedHashMap.class, java.util.LinkedHashSet.class
});
```
Unfortunately these types are very common. If you only use HashMap or HashSet and your XML refers to these only as the default map or set, you may additionally change the default implementation of java.util.Map and java.util.Set at unmarshalling time:
```Java
// Unmarshal default maps and sets as tree-based implementations
xstream.addDefaultImplementation(java.util.TreeMap.class, java.util.Map.class);
xstream.addDefaultImplementation(java.util.TreeSet.class, java.util.Set.class);
```
However, this implies that your application does not care about the implementation of the map and all elements are comparable.
References
See full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for CVE-2021-43859.
Credits
The vulnerability was discovered and reported by r00t4dm at Cloud-Penetrating Arrow Lab.
For more information
If you have any questions or comments about this advisory:
* Open an issue in XStream
* Contact us at XStream Google Group
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.thoughtworks.xstream:xstream"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.19"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-43859"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-502"
],
"github_reviewed": true,
"github_reviewed_at": "2022-01-31T20:12:15Z",
"nvd_published_at": "2022-02-01T12:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\nThe vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream.\n\n### Patches\nXStream 1.4.19 monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded.\n\n### Workarounds\nThe attack uses the hash code implementation for collections and maps to force an exponential calculation time due to highly recursive structures with in the collection or map. Following types of the Java runtime are affected in Java versions available in December 2021:\n\n- java.util.HashMap\n- java.util.HashSet\n- java.util.Hashtable\n- java.util.LinkedHashMap\n- java.util.LinkedHashSet\n- java.util.Stack (older Java revisions only)\n- java.util.Vector (older Java revisions only)\n- Other third party collection implementations that use their element\u0027s hash code may also be affected\n\nIf your object graph does not use referenced elements at all, you may simply set the NO_REFERENCE mode:\n```Java\nXStream xstream = new XStream();\nxstream.setMode(XStream.NO_REFERENCES);\n```\n\nIf your object graph contains neither a Hashtable, HashMap nor a HashSet (or one of the linked variants of it) then you can use the security framework to deny the usage of these types:\n```Java\nXStream xstream = new XStream();\nxstream.denyTypes(new Class[]{\n java.util.HashMap.class, java.util.HashSet.class, java.util.Hashtable.class, java.util.LinkedHashMap.class, java.util.LinkedHashSet.class\n});\n```\n\nUnfortunately these types are very common. 
If you only use HashMap or HashSet and your XML refers these only as default map or set, you may additionally change the default implementation of java.util.Map and java.util.Set at unmarshalling time::\n```Java\nxstream.addDefaultImplementation(java.util.TreeMap.class, java.util.Map.class);\nxstream.addDefaultImplementation(java.util.TreeSet.class, java.util.Set.class);\n```\nHowever, this implies that your application does not care about the implementation of the map and all elements are comparable.\n\n### References\nSee full information about the nature of the vulnerability and the steps to reproduce it in XStream\u0027s documentation for [CVE-2021-43859](https://x-stream.github.io/CVE-2021-43859.html).\n\n### Credits\nThe vulnerability was discovered and reported by r00t4dm at Cloud-Penetrating Arrow Lab.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [XStream](https://github.com/x-stream/xstream/issues)\n* Contact us at [XStream Google Group](https://groups.google.com/group/xstream-user)",
"id": "GHSA-rmr5-cpv2-vgjf",
"modified": "2025-11-04T16:34:34Z",
"published": "2022-02-01T00:48:15Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/x-stream/xstream/security/advisories/GHSA-rmr5-cpv2-vgjf"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43859"
},
{
"type": "WEB",
"url": "https://github.com/x-stream/xstream/commit/e8e88621ba1c85ac3b8620337dd672e0c0c3a846"
},
{
"type": "WEB",
"url": "https://github.com/x-stream/xstream"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00018.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00023.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VACQYG356OHUTD5WQGAQ4L2TTFTAV3SJ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XODFRE2ZL64FICBJDOPWOLPTSSAI4U7X"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VACQYG356OHUTD5WQGAQ4L2TTFTAV3SJ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XODFRE2ZL64FICBJDOPWOLPTSSAI4U7X"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"type": "WEB",
"url": "https://x-stream.github.io/CVE-2021-43859.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2022/02/09/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Denial of Service by injecting highly recursive collections or maps in XStream"
}
GSD-2021-43859
Vulnerability from gsd - Updated: 2023-12-13 01:23
{
"GSD": {
"alias": "CVE-2021-43859",
"description": "XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. XStream 1.4.19 monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded. Users are advised to upgrade as soon as possible. Users unable to upgrade may set the NO_REFERENCE mode to prevent recursion. See GHSA-rmr5-cpv2-vgjf for further details on a workaround if an upgrade is not possible.",
"id": "GSD-2021-43859",
"references": [
"https://www.suse.com/security/cve/CVE-2021-43859.html",
"https://access.redhat.com/errata/RHSA-2022:1420",
"https://access.redhat.com/errata/RHSA-2022:5532",
"https://access.redhat.com/errata/RHSA-2022:5606"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-43859"
],
"details": "XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. XStream 1.4.19 monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded. Users are advised to upgrade as soon as possible. Users unable to upgrade may set the NO_REFERENCE mode to prevent recursion. See GHSA-rmr5-cpv2-vgjf for further details on a workaround if an upgrade is not possible.",
"id": "GSD-2021-43859",
"modified": "2023-12-13T01:23:26.105520Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-43859",
"STATE": "PUBLIC",
"TITLE": "Denial of Service by injecting highly recursive collections or maps in XStream"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "xstream",
"version": {
"version_data": [
{
"version_value": "\u003c 1.4.19"
}
]
}
}
]
},
"vendor_name": "x-stream"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. XStream 1.4.19 monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded. Users are advised to upgrade as soon as possible. Users unable to upgrade may set the NO_REFERENCE mode to prevent recursion. See GHSA-rmr5-cpv2-vgjf for further details on a workaround if an upgrade is not possible."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/x-stream/xstream/security/advisories/GHSA-rmr5-cpv2-vgjf",
"refsource": "CONFIRM",
"url": "https://github.com/x-stream/xstream/security/advisories/GHSA-rmr5-cpv2-vgjf"
},
{
"name": "https://github.com/x-stream/xstream/commit/e8e88621ba1c85ac3b8620337dd672e0c0c3a846",
"refsource": "MISC",
"url": "https://github.com/x-stream/xstream/commit/e8e88621ba1c85ac3b8620337dd672e0c0c3a846"
},
{
"name": "https://x-stream.github.io/CVE-2021-43859.html",
"refsource": "MISC",
"url": "https://x-stream.github.io/CVE-2021-43859.html"
},
{
"name": "[oss-security] 20220209 Vulnerability in Jenkins",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/02/09/1"
},
{
"name": "FEDORA-2022-ad5cf1c0dd",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XODFRE2ZL64FICBJDOPWOLPTSSAI4U7X/"
},
{
"name": "FEDORA-2022-983a78275c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VACQYG356OHUTD5WQGAQ4L2TTFTAV3SJ/"
},
{
"name": "[debian-lts-announce] 20220215 [SECURITY] [DLA 2924-1] libxstream-java security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00018.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
},
"source": {
"advisory": "GHSA-rmr5-cpv2-vgjf",
"discovery": "UNKNOWN"
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "(,1.4.19)",
"affected_versions": "All versions before 1.4.19",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-400",
"CWE-937"
],
"date": "2022-08-09",
"description": "XStream is an open source java library to serialize objects to XML and back again. may allow a remote attacker to allocate % CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. XStream monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded. Users are advised to upgrade as soon as possible. Users unable to upgrade may set the NO_REFERENCE mode to prevent recursion. See GHSA-rmr5-cpv2-vgjf for further details on a workaround if an upgrade is not possible.",
"fixed_versions": [
"1.4.19"
],
"identifier": "CVE-2021-43859",
"identifiers": [
"CVE-2021-43859",
"GHSA-rmr5-cpv2-vgjf"
],
"not_impacted": "All versions starting from 1.4.19",
"package_slug": "maven/com.thoughtworks.xstream/xstream",
"pubdate": "2022-02-01",
"solution": "Upgrade to version 1.4.19 or above.",
"title": "Deserialization of Untrusted Data",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-43859",
"https://github.com/x-stream/xstream/security/advisories/GHSA-rmr5-cpv2-vgjf",
"https://x-stream.github.io/CVE-2021-43859.html",
"https://github.com/x-stream/xstream/commit/e8e88621ba1c85ac3b8620337dd672e0c0c3a846"
],
"uuid": "8a90784d-bd40-4481-87dd-de100baf4ff3"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:xstream_project:xstream:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.4.19",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_policy_management:12.6.0.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.6",
"versionStartIncluding": "8.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.1.0",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.0.0.4.6",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-43859"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. XStream 1.4.19 monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded. Users are advised to upgrade as soon as possible. Users unable to upgrade may set the NO_REFERENCE mode to prevent recursion. See GHSA-rmr5-cpv2-vgjf for further details on a workaround if an upgrade is not possible."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/x-stream/xstream/security/advisories/GHSA-rmr5-cpv2-vgjf",
"refsource": "CONFIRM",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/x-stream/xstream/security/advisories/GHSA-rmr5-cpv2-vgjf"
},
{
"name": "https://x-stream.github.io/CVE-2021-43859.html",
"refsource": "MISC",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://x-stream.github.io/CVE-2021-43859.html"
},
{
"name": "https://github.com/x-stream/xstream/commit/e8e88621ba1c85ac3b8620337dd672e0c0c3a846",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/x-stream/xstream/commit/e8e88621ba1c85ac3b8620337dd672e0c0c3a846"
},
{
"name": "[oss-security] 20220209 Vulnerability in Jenkins",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/02/09/1"
},
{
"name": "FEDORA-2022-ad5cf1c0dd",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XODFRE2ZL64FICBJDOPWOLPTSSAI4U7X/"
},
{
"name": "FEDORA-2022-983a78275c",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VACQYG356OHUTD5WQGAQ4L2TTFTAV3SJ/"
},
{
"name": "[debian-lts-announce] 20220215 [SECURITY] [DLA 2924-1] libxstream-java security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00018.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "N/A",
"refsource": "N/A",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-08-09T00:40Z",
"publishedDate": "2022-02-01T12:15Z"
}
}
}
OPENSUSE-SU-2022:0817-1
Vulnerability from csaf_opensuse - Published: 2022-03-14 09:22 - Updated: 2022-03-14 09:22

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:xstream-1.4.19-3.18.2.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.3:xstream-benchmark-1.4.19-3.18.2.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.3:xstream-javadoc-1.4.19-3.18.2.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.3:xstream-parent-1.4.19-3.18.2.noarch | — | | Vendor Fix |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xstream",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xstream fixes the following issues:\n \n- CVE-2021-43859: Fixed a denial of service when unmarshalling highly recursive collections or maps (bsc#1195458).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-SLE-15.3-2022-817,openSUSE-SLE-15.4-2022-817",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2022_0817-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2022:0817-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BZZMZMEXJXNF2NQNIXETAFBVRAZVIVSO/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2022:0817-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BZZMZMEXJXNF2NQNIXETAFBVRAZVIVSO/"
},
{
"category": "self",
"summary": "SUSE Bug 1195458",
"url": "https://bugzilla.suse.com/1195458"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-43859 page",
"url": "https://www.suse.com/security/cve/CVE-2021-43859/"
}
],
"title": "Security update for xstream",
"tracking": {
"current_release_date": "2022-03-14T09:22:57Z",
"generator": {
"date": "2022-03-14T09:22:57Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2022:0817-1",
"initial_release_date": "2022-03-14T09:22:57Z",
"revision_history": [
{
"date": "2022-03-14T09:22:57Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xstream-1.4.19-3.18.2.noarch",
"product": {
"name": "xstream-1.4.19-3.18.2.noarch",
"product_id": "xstream-1.4.19-3.18.2.noarch"
}
},
{
"category": "product_version",
"name": "xstream-benchmark-1.4.19-3.18.2.noarch",
"product": {
"name": "xstream-benchmark-1.4.19-3.18.2.noarch",
"product_id": "xstream-benchmark-1.4.19-3.18.2.noarch"
}
},
{
"category": "product_version",
"name": "xstream-javadoc-1.4.19-3.18.2.noarch",
"product": {
"name": "xstream-javadoc-1.4.19-3.18.2.noarch",
"product_id": "xstream-javadoc-1.4.19-3.18.2.noarch"
}
},
{
"category": "product_version",
"name": "xstream-parent-1.4.19-3.18.2.noarch",
"product": {
"name": "xstream-parent-1.4.19-3.18.2.noarch",
"product_id": "xstream-parent-1.4.19-3.18.2.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xstream-1.4.19-3.18.2.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:xstream-1.4.19-3.18.2.noarch"
},
"product_reference": "xstream-1.4.19-3.18.2.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xstream-benchmark-1.4.19-3.18.2.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:xstream-benchmark-1.4.19-3.18.2.noarch"
},
"product_reference": "xstream-benchmark-1.4.19-3.18.2.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xstream-javadoc-1.4.19-3.18.2.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:xstream-javadoc-1.4.19-3.18.2.noarch"
},
"product_reference": "xstream-javadoc-1.4.19-3.18.2.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xstream-parent-1.4.19-3.18.2.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:xstream-parent-1.4.19-3.18.2.noarch"
},
"product_reference": "xstream-parent-1.4.19-3.18.2.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-43859",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-43859"
}
],
"notes": [
{
"category": "general",
"text": "XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. XStream 1.4.19 monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded. Users are advised to upgrade as soon as possible. Users unable to upgrade may set the NO_REFERENCE mode to prevent recursion. See GHSA-rmr5-cpv2-vgjf for further details on a workaround if an upgrade is not possible.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:xstream-1.4.19-3.18.2.noarch",
"openSUSE Leap 15.3:xstream-benchmark-1.4.19-3.18.2.noarch",
"openSUSE Leap 15.3:xstream-javadoc-1.4.19-3.18.2.noarch",
"openSUSE Leap 15.3:xstream-parent-1.4.19-3.18.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-43859",
"url": "https://www.suse.com/security/cve/CVE-2021-43859"
},
{
"category": "external",
"summary": "SUSE Bug 1195458 for CVE-2021-43859",
"url": "https://bugzilla.suse.com/1195458"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:xstream-1.4.19-3.18.2.noarch",
"openSUSE Leap 15.3:xstream-benchmark-1.4.19-3.18.2.noarch",
"openSUSE Leap 15.3:xstream-javadoc-1.4.19-3.18.2.noarch",
"openSUSE Leap 15.3:xstream-parent-1.4.19-3.18.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:xstream-1.4.19-3.18.2.noarch",
"openSUSE Leap 15.3:xstream-benchmark-1.4.19-3.18.2.noarch",
"openSUSE Leap 15.3:xstream-javadoc-1.4.19-3.18.2.noarch",
"openSUSE Leap 15.3:xstream-parent-1.4.19-3.18.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-14T09:22:57Z",
"details": "moderate"
}
],
"title": "CVE-2021-43859"
}
]
}
OPENSUSE-SU-2024:11809-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:xstream-1.4.19-1.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Tumbleweed:xstream-1.4.19-1.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: openSUSE Tumbleweed:xstream-1.4.19-1.1.s390x | — | Vendor Fix | |
| Unresolved product id: openSUSE Tumbleweed:xstream-1.4.19-1.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Tumbleweed:xstream-benchmark-1.4.19-1.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Tumbleweed:xstream-benchmark-1.4.19-1.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: openSUSE Tumbleweed:xstream-benchmark-1.4.19-1.1.s390x | — | Vendor Fix | |
| Unresolved product id: openSUSE Tumbleweed:xstream-benchmark-1.4.19-1.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Tumbleweed:xstream-javadoc-1.4.19-1.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Tumbleweed:xstream-javadoc-1.4.19-1.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: openSUSE Tumbleweed:xstream-javadoc-1.4.19-1.1.s390x | — | Vendor Fix | |
| Unresolved product id: openSUSE Tumbleweed:xstream-javadoc-1.4.19-1.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Tumbleweed:xstream-parent-1.4.19-1.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Tumbleweed:xstream-parent-1.4.19-1.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: openSUSE Tumbleweed:xstream-parent-1.4.19-1.1.s390x | — | Vendor Fix | |
| Unresolved product id: openSUSE Tumbleweed:xstream-parent-1.4.19-1.1.x86_64 | — | Vendor Fix | |

{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "xstream-1.4.19-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the xstream-1.4.19-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11809",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11809-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-43859 page",
"url": "https://www.suse.com/security/cve/CVE-2021-43859/"
}
],
"title": "xstream-1.4.19-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11809-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xstream-1.4.19-1.1.aarch64",
"product": {
"name": "xstream-1.4.19-1.1.aarch64",
"product_id": "xstream-1.4.19-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "xstream-benchmark-1.4.19-1.1.aarch64",
"product": {
"name": "xstream-benchmark-1.4.19-1.1.aarch64",
"product_id": "xstream-benchmark-1.4.19-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "xstream-javadoc-1.4.19-1.1.aarch64",
"product": {
"name": "xstream-javadoc-1.4.19-1.1.aarch64",
"product_id": "xstream-javadoc-1.4.19-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "xstream-parent-1.4.19-1.1.aarch64",
"product": {
"name": "xstream-parent-1.4.19-1.1.aarch64",
"product_id": "xstream-parent-1.4.19-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xstream-1.4.19-1.1.ppc64le",
"product": {
"name": "xstream-1.4.19-1.1.ppc64le",
"product_id": "xstream-1.4.19-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "xstream-benchmark-1.4.19-1.1.ppc64le",
"product": {
"name": "xstream-benchmark-1.4.19-1.1.ppc64le",
"product_id": "xstream-benchmark-1.4.19-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "xstream-javadoc-1.4.19-1.1.ppc64le",
"product": {
"name": "xstream-javadoc-1.4.19-1.1.ppc64le",
"product_id": "xstream-javadoc-1.4.19-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "xstream-parent-1.4.19-1.1.ppc64le",
"product": {
"name": "xstream-parent-1.4.19-1.1.ppc64le",
"product_id": "xstream-parent-1.4.19-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "xstream-1.4.19-1.1.s390x",
"product": {
"name": "xstream-1.4.19-1.1.s390x",
"product_id": "xstream-1.4.19-1.1.s390x"
}
},
{
"category": "product_version",
"name": "xstream-benchmark-1.4.19-1.1.s390x",
"product": {
"name": "xstream-benchmark-1.4.19-1.1.s390x",
"product_id": "xstream-benchmark-1.4.19-1.1.s390x"
}
},
{
"category": "product_version",
"name": "xstream-javadoc-1.4.19-1.1.s390x",
"product": {
"name": "xstream-javadoc-1.4.19-1.1.s390x",
"product_id": "xstream-javadoc-1.4.19-1.1.s390x"
}
},
{
"category": "product_version",
"name": "xstream-parent-1.4.19-1.1.s390x",
"product": {
"name": "xstream-parent-1.4.19-1.1.s390x",
"product_id": "xstream-parent-1.4.19-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "xstream-1.4.19-1.1.x86_64",
"product": {
"name": "xstream-1.4.19-1.1.x86_64",
"product_id": "xstream-1.4.19-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "xstream-benchmark-1.4.19-1.1.x86_64",
"product": {
"name": "xstream-benchmark-1.4.19-1.1.x86_64",
"product_id": "xstream-benchmark-1.4.19-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "xstream-javadoc-1.4.19-1.1.x86_64",
"product": {
"name": "xstream-javadoc-1.4.19-1.1.x86_64",
"product_id": "xstream-javadoc-1.4.19-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "xstream-parent-1.4.19-1.1.x86_64",
"product": {
"name": "xstream-parent-1.4.19-1.1.x86_64",
"product_id": "xstream-parent-1.4.19-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xstream-1.4.19-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xstream-1.4.19-1.1.aarch64"
},
"product_reference": "xstream-1.4.19-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xstream-1.4.19-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xstream-1.4.19-1.1.ppc64le"
},
"product_reference": "xstream-1.4.19-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xstream-1.4.19-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xstream-1.4.19-1.1.s390x"
},
"product_reference": "xstream-1.4.19-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xstream-1.4.19-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xstream-1.4.19-1.1.x86_64"
},
"product_reference": "xstream-1.4.19-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xstream-benchmark-1.4.19-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xstream-benchmark-1.4.19-1.1.aarch64"
},
"product_reference": "xstream-benchmark-1.4.19-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xstream-benchmark-1.4.19-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xstream-benchmark-1.4.19-1.1.ppc64le"
},
"product_reference": "xstream-benchmark-1.4.19-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xstream-benchmark-1.4.19-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xstream-benchmark-1.4.19-1.1.s390x"
},
"product_reference": "xstream-benchmark-1.4.19-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xstream-benchmark-1.4.19-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xstream-benchmark-1.4.19-1.1.x86_64"
},
"product_reference": "xstream-benchmark-1.4.19-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xstream-javadoc-1.4.19-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xstream-javadoc-1.4.19-1.1.aarch64"
},
"product_reference": "xstream-javadoc-1.4.19-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xstream-javadoc-1.4.19-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xstream-javadoc-1.4.19-1.1.ppc64le"
},
"product_reference": "xstream-javadoc-1.4.19-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xstream-javadoc-1.4.19-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xstream-javadoc-1.4.19-1.1.s390x"
},
"product_reference": "xstream-javadoc-1.4.19-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xstream-javadoc-1.4.19-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xstream-javadoc-1.4.19-1.1.x86_64"
},
"product_reference": "xstream-javadoc-1.4.19-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xstream-parent-1.4.19-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xstream-parent-1.4.19-1.1.aarch64"
},
"product_reference": "xstream-parent-1.4.19-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xstream-parent-1.4.19-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xstream-parent-1.4.19-1.1.ppc64le"
},
"product_reference": "xstream-parent-1.4.19-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xstream-parent-1.4.19-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xstream-parent-1.4.19-1.1.s390x"
},
"product_reference": "xstream-parent-1.4.19-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xstream-parent-1.4.19-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xstream-parent-1.4.19-1.1.x86_64"
},
"product_reference": "xstream-parent-1.4.19-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-43859",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-43859"
}
],
"notes": [
{
"category": "general",
"text": "XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. XStream 1.4.19 monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded. Users are advised to upgrade as soon as possible. Users unable to upgrade may set the NO_REFERENCE mode to prevent recursion. See GHSA-rmr5-cpv2-vgjf for further details on a workaround if an upgrade is not possible.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:xstream-1.4.19-1.1.aarch64",
"openSUSE Tumbleweed:xstream-1.4.19-1.1.ppc64le",
"openSUSE Tumbleweed:xstream-1.4.19-1.1.s390x",
"openSUSE Tumbleweed:xstream-1.4.19-1.1.x86_64",
"openSUSE Tumbleweed:xstream-benchmark-1.4.19-1.1.aarch64",
"openSUSE Tumbleweed:xstream-benchmark-1.4.19-1.1.ppc64le",
"openSUSE Tumbleweed:xstream-benchmark-1.4.19-1.1.s390x",
"openSUSE Tumbleweed:xstream-benchmark-1.4.19-1.1.x86_64",
"openSUSE Tumbleweed:xstream-javadoc-1.4.19-1.1.aarch64",
"openSUSE Tumbleweed:xstream-javadoc-1.4.19-1.1.ppc64le",
"openSUSE Tumbleweed:xstream-javadoc-1.4.19-1.1.s390x",
"openSUSE Tumbleweed:xstream-javadoc-1.4.19-1.1.x86_64",
"openSUSE Tumbleweed:xstream-parent-1.4.19-1.1.aarch64",
"openSUSE Tumbleweed:xstream-parent-1.4.19-1.1.ppc64le",
"openSUSE Tumbleweed:xstream-parent-1.4.19-1.1.s390x",
"openSUSE Tumbleweed:xstream-parent-1.4.19-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-43859",
"url": "https://www.suse.com/security/cve/CVE-2021-43859"
},
{
"category": "external",
"summary": "SUSE Bug 1195458 for CVE-2021-43859",
"url": "https://bugzilla.suse.com/1195458"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:xstream-1.4.19-1.1.aarch64",
"openSUSE Tumbleweed:xstream-1.4.19-1.1.ppc64le",
"openSUSE Tumbleweed:xstream-1.4.19-1.1.s390x",
"openSUSE Tumbleweed:xstream-1.4.19-1.1.x86_64",
"openSUSE Tumbleweed:xstream-benchmark-1.4.19-1.1.aarch64",
"openSUSE Tumbleweed:xstream-benchmark-1.4.19-1.1.ppc64le",
"openSUSE Tumbleweed:xstream-benchmark-1.4.19-1.1.s390x",
"openSUSE Tumbleweed:xstream-benchmark-1.4.19-1.1.x86_64",
"openSUSE Tumbleweed:xstream-javadoc-1.4.19-1.1.aarch64",
"openSUSE Tumbleweed:xstream-javadoc-1.4.19-1.1.ppc64le",
"openSUSE Tumbleweed:xstream-javadoc-1.4.19-1.1.s390x",
"openSUSE Tumbleweed:xstream-javadoc-1.4.19-1.1.x86_64",
"openSUSE Tumbleweed:xstream-parent-1.4.19-1.1.aarch64",
"openSUSE Tumbleweed:xstream-parent-1.4.19-1.1.ppc64le",
"openSUSE Tumbleweed:xstream-parent-1.4.19-1.1.s390x",
"openSUSE Tumbleweed:xstream-parent-1.4.19-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:xstream-1.4.19-1.1.aarch64",
"openSUSE Tumbleweed:xstream-1.4.19-1.1.ppc64le",
"openSUSE Tumbleweed:xstream-1.4.19-1.1.s390x",
"openSUSE Tumbleweed:xstream-1.4.19-1.1.x86_64",
"openSUSE Tumbleweed:xstream-benchmark-1.4.19-1.1.aarch64",
"openSUSE Tumbleweed:xstream-benchmark-1.4.19-1.1.ppc64le",
"openSUSE Tumbleweed:xstream-benchmark-1.4.19-1.1.s390x",
"openSUSE Tumbleweed:xstream-benchmark-1.4.19-1.1.x86_64",
"openSUSE Tumbleweed:xstream-javadoc-1.4.19-1.1.aarch64",
"openSUSE Tumbleweed:xstream-javadoc-1.4.19-1.1.ppc64le",
"openSUSE Tumbleweed:xstream-javadoc-1.4.19-1.1.s390x",
"openSUSE Tumbleweed:xstream-javadoc-1.4.19-1.1.x86_64",
"openSUSE Tumbleweed:xstream-parent-1.4.19-1.1.aarch64",
"openSUSE Tumbleweed:xstream-parent-1.4.19-1.1.ppc64le",
"openSUSE Tumbleweed:xstream-parent-1.4.19-1.1.s390x",
"openSUSE Tumbleweed:xstream-parent-1.4.19-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-43859"
}
]
}
RHSA-2022:1420
Vulnerability from csaf_redhat - Published: 2022-04-27 07:44 - Updated: 2026-03-21 04:24

XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. XStream 1.4.19 monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded. Users are advised to upgrade as soon as possible. Users unable to upgrade may set the NO_REFERENCE mode to prevent recursion. See GHSA-rmr5-cpv2-vgjf for further details on a workaround if an upgrade is not possible.

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch | — |
A flaw was found in Jenkins. The Pipeline: Groovy Plugin uses the same checkout directories for distinct SCMs when reading the script file (typically Jenkinsfile) for Pipelines. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch | — |
A flaw was found in Jenkins. The Jenkins Pipeline: Shared Groovy Libraries uses the same checkout directories for distinct SCMs for Pipeline libraries. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents. This allows attackers to compromise confidentiality, integrity, and availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch | — |
A flaw was found in Jenkins. The Pipeline: Multibranch uses the same checkout directories for distinct SCMs for the readTrusted step. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents. This allows attackers to compromise confidentiality, integrity, and availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch | — |
A flaw was found in Jenkins. The Pipeline: Groovy Plugin follows symbolic links to locations outside of the checkout directory for the configured SCM when reading the script file (typically Jenkinsfile) for Pipelines. This flaw allows attackers who can configure Pipelines to read arbitrary files on the Jenkins controller file system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch | — |

A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries plugin follows symbolic links to locations outside of the expected Pipeline library when reading files using the libraryResource step. This flaw allows attackers who can configure Pipelines to read arbitrary files on the Jenkins controller file system.

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch | — |

A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries plugin does not restrict the names of resources passed to the libraryResource step. This flaw allows attackers who can configure Pipelines to read arbitrary files on the Jenkins controller file system.

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch | — |

A flaw was found in Jenkins. The Pipeline: Multibranch plugin follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step. This flaw allows attackers who can configure Pipelines to read arbitrary files on the Jenkins controller file system.

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch | — |
A flaw was found in Jenkins. The Pipeline: Groovy Plugin includes password parameters from the original build in replayed builds. This flaw allows attackers with run/replay permission to obtain the values of password parameters passed to previous builds of a Pipeline.
A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries Plugin uses the same workspace directory for all checkouts of Pipeline libraries with the same name, regardless of the SCM used and the source of the library configuration. This flaw allows attackers with item/configure permission to execute arbitrary code in the context of the Jenkins controller JVM through crafted SCM contents if a global Pipeline library already exists.
A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries Plugin uses the names of Pipeline libraries to create directories without canonicalization or sanitization. This flaw allows attackers with item/configure permission to execute arbitrary code in the context of the Jenkins controller JVM using specially crafted library names if a global Pipeline library is already configured.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch | — |
A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries plugin uses the names of Pipeline libraries to create cache directories without any sanitization. This flaw allows attackers with item/configure permission to execute arbitrary code in the context of the Jenkins controller JVM, using specially crafted library names if a global Pipeline library configured to use caching already exists.
A flaw was found in Jenkins pipeline-build-step where it revealed password parameter default values when generating a pipeline script using the Pipeline snippet generator. This flaw allows attackers with item/read permission to retrieve the default password parameter value from jobs and compromises confidentiality.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 3.11.685 is now available with\nupdates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 3.11.685. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2022:1421\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html \n\nSecurity Fix(es):\n\n* workflow-cps: OS command execution through crafted SCM contents (CVE-2022-25173)\n\n* workflow-cps-global-lib: OS command execution through crafted SCM contents (CVE-2022-25174)\n\n* workflow-multibranch: OS command execution through crafted SCM contents (CVE-2022-25175)\n\n* workflow-cps-global-lib: Sandbox bypass vulnerability (CVE-2022-25181)\n\n* workflow-cps-global-lib: Sandbox bypass vulnerability (CVE-2022-25182)\n\n* workflow-cps-global-lib: Sandbox bypass vulnerability (CVE-2022-25183)\n\n* xstream: Injecting highly recursive collections or maps can cause a DoS (CVE-2021-43859)\n\n* workflow-cps: Pipeline-related plugins follow symbolic links or do not limit path names (CVE-2022-25176)\n\n* workflow-cps-global-lib: Pipeline-related plugins follow symbolic links or do not limit path names (CVE-2022-25177)\n\n* workflow-cps-global-lib: Pipeline-related plugins follow symbolic links or do not limit path names (CVE-2022-25178)\n\n* workflow-multibranch: Pipeline-related plugins follow symbolic links or do not limit path names (CVE-2022-25179)\n\n* workflow-cps: Password parameters are included from the original build in replayed builds (CVE-2022-25180)\n\n* pipeline-build-step: Password parameter default values exposed (CVE-2022-25184)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:1420",
"url": "https://access.redhat.com/errata/RHSA-2022:1420"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2049783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2049783"
},
{
"category": "external",
"summary": "2055719",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055719"
},
{
"category": "external",
"summary": "2055733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055733"
},
{
"category": "external",
"summary": "2055734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055734"
},
{
"category": "external",
"summary": "2055787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055787"
},
{
"category": "external",
"summary": "2055788",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055788"
},
{
"category": "external",
"summary": "2055789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055789"
},
{
"category": "external",
"summary": "2055792",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055792"
},
{
"category": "external",
"summary": "2055795",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055795"
},
{
"category": "external",
"summary": "2055797",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055797"
},
{
"category": "external",
"summary": "2055798",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055798"
},
{
"category": "external",
"summary": "2055802",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055802"
},
{
"category": "external",
"summary": "2055804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055804"
},
{
"category": "external",
"summary": "2076828",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076828"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_1420.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 3.11.685 security and bug fix update",
"tracking": {
"current_release_date": "2026-03-21T04:24:42+00:00",
"generator": {
"date": "2026-03-21T04:24:42+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2022:1420",
"initial_release_date": "2022-04-27T07:44:06+00:00",
"revision_history": [
{
"date": "2022-04-27T07:44:06+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-04-27T07:44:06+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-21T04:24:42+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 3.11",
"product": {
"name": "Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:3.11::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src",
"product": {
"name": "atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src",
"product_id": "atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-enterprise-service-catalog@3.11.685-1.g2e6be86.el7?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src",
"product": {
"name": "atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src",
"product_id": "atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.11.685-1.git.0.7faaeaa.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src",
"product": {
"name": "atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src",
"product_id": "atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.685-1.g99b2acf.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src",
"product": {
"name": "atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src",
"product_id": "atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-descheduler@3.11.685-1.gd435537.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src",
"product": {
"name": "atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src",
"product_id": "atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.11.685-1.g3571208.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src",
"product": {
"name": "atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src",
"product_id": "atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.685-1.gf8bf728.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src",
"product": {
"name": "atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src",
"product_id": "atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.685-1.gc8f26da.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src",
"product": {
"name": "atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src",
"product_id": "atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-service-idler@3.11.685-1.g39cfc66.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src",
"product": {
"name": "atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src",
"product_id": "atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.11.685-1.gd742e61.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src",
"product": {
"name": "golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src",
"product_id": "golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.685-1.gedebe84.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src",
"product": {
"name": "golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src",
"product_id": "golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-github-prometheus-alertmanager@3.11.685-1.g13de638.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src",
"product": {
"name": "golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src",
"product_id": "golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.11.685-1.g609cd20.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src",
"product": {
"name": "golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src",
"product_id": "golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-github-prometheus-prometheus@3.11.685-1.g99aae51.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-0:2.319.3.1650348949-1.el7.src",
"product": {
"name": "jenkins-0:2.319.3.1650348949-1.el7.src",
"product_id": "jenkins-0:2.319.3.1650348949-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.319.3.1650348949-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:3.11.1650371376-1.el7.src",
"product": {
"name": "jenkins-2-plugins-0:3.11.1650371376-1.el7.src",
"product_id": "jenkins-2-plugins-0:3.11.1650371376-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@3.11.1650371376-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src",
"product": {
"name": "openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src",
"product_id": "openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible@3.11.685-1.git.0.a9090ac.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src",
"product": {
"name": "openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src",
"product_id": "openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.685-1.gf2f435d.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src",
"product": {
"name": "openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src",
"product_id": "openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.685-1.g22be164.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src",
"product": {
"name": "openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src",
"product_id": "openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-kuryr@3.11.685-1.g0c4bf66.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64",
"product": {
"name": "atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64",
"product_id": "atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-enterprise-service-catalog@3.11.685-1.g2e6be86.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64",
"product": {
"name": "atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64",
"product_id": "atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-enterprise-service-catalog-svcat@3.11.685-1.g2e6be86.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"product": {
"name": "atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"product_id": "atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.11.685-1.git.0.7faaeaa.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"product_id": "atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients@3.11.685-1.git.0.7faaeaa.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"product_id": "atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.11.685-1.git.0.7faaeaa.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"product": {
"name": "atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"product_id": "atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-hyperkube@3.11.685-1.git.0.7faaeaa.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"product": {
"name": "atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"product_id": "atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-hypershift@3.11.685-1.git.0.7faaeaa.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"product": {
"name": "atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"product_id": "atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-master@3.11.685-1.git.0.7faaeaa.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"product": {
"name": "atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"product_id": "atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-node@3.11.685-1.git.0.7faaeaa.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"product": {
"name": "atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"product_id": "atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-pod@3.11.685-1.git.0.7faaeaa.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"product": {
"name": "atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"product_id": "atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.11.685-1.git.0.7faaeaa.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"product": {
"name": "atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"product_id": "atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.11.685-1.git.0.7faaeaa.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"product": {
"name": "atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"product_id": "atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-tests@3.11.685-1.git.0.7faaeaa.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64",
"product": {
"name": "atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64",
"product_id": "atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.685-1.g99b2acf.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64",
"product": {
"name": "atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64",
"product_id": "atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-descheduler@3.11.685-1.gd435537.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64",
"product": {
"name": "atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64",
"product_id": "atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.11.685-1.g3571208.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64",
"product": {
"name": "atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64",
"product_id": "atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.685-1.gf8bf728.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64",
"product": {
"name": "atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64",
"product_id": "atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.685-1.gc8f26da.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64",
"product": {
"name": "atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64",
"product_id": "atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-service-idler@3.11.685-1.g39cfc66.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64",
"product": {
"name": "atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64",
"product_id": "atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.11.685-1.gd742e61.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64",
"product": {
"name": "golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64",
"product_id": "golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.685-1.gedebe84.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64",
"product": {
"name": "prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64",
"product_id": "prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/prometheus-alertmanager@3.11.685-1.g13de638.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64",
"product": {
"name": "prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64",
"product_id": "prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/prometheus-node-exporter@3.11.685-1.g609cd20.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "prometheus-0:3.11.685-1.g99aae51.el7.x86_64",
"product": {
"name": "prometheus-0:3.11.685-1.g99aae51.el7.x86_64",
"product_id": "prometheus-0:3.11.685-1.g99aae51.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/prometheus@3.11.685-1.g99aae51.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64",
"product": {
"name": "openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64",
"product_id": "openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.685-1.gf2f435d.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64",
"product": {
"name": "openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64",
"product_id": "openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.685-1.g22be164.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le",
"product": {
"name": "atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le",
"product_id": "atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-enterprise-service-catalog@3.11.685-1.g2e6be86.el7?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le",
"product": {
"name": "atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le",
"product_id": "atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-enterprise-service-catalog-svcat@3.11.685-1.g2e6be86.el7?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"product": {
"name": "atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"product_id": "atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.11.685-1.git.0.7faaeaa.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"product": {
"name": "atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"product_id": "atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients@3.11.685-1.git.0.7faaeaa.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"product": {
"name": "atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"product_id": "atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-hyperkube@3.11.685-1.git.0.7faaeaa.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"product": {
"name": "atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"product_id": "atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-hypershift@3.11.685-1.git.0.7faaeaa.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"product": {
"name": "atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"product_id": "atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-master@3.11.685-1.git.0.7faaeaa.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"product": {
"name": "atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"product_id": "atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-node@3.11.685-1.git.0.7faaeaa.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"product": {
"name": "atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"product_id": "atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-pod@3.11.685-1.git.0.7faaeaa.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"product": {
"name": "atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"product_id": "atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.11.685-1.git.0.7faaeaa.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"product": {
"name": "atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"product_id": "atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.11.685-1.git.0.7faaeaa.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"product": {
"name": "atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"product_id": "atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-tests@3.11.685-1.git.0.7faaeaa.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le",
"product": {
"name": "atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le",
"product_id": "atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.685-1.g99b2acf.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le",
"product": {
"name": "atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le",
"product_id": "atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-descheduler@3.11.685-1.gd435537.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le",
"product": {
"name": "atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le",
"product_id": "atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.685-1.gf8bf728.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le",
"product": {
"name": "atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le",
"product_id": "atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.685-1.gc8f26da.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le",
"product": {
"name": "atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le",
"product_id": "atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-service-idler@3.11.685-1.g39cfc66.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le",
"product": {
"name": "atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le",
"product_id": "atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.11.685-1.gd742e61.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le",
"product": {
"name": "golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le",
"product_id": "golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.685-1.gedebe84.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le",
"product": {
"name": "prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le",
"product_id": "prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/prometheus-alertmanager@3.11.685-1.g13de638.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le",
"product": {
"name": "prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le",
"product_id": "prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/prometheus-node-exporter@3.11.685-1.g609cd20.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "prometheus-0:3.11.685-1.g99aae51.el7.ppc64le",
"product": {
"name": "prometheus-0:3.11.685-1.g99aae51.el7.ppc64le",
"product_id": "prometheus-0:3.11.685-1.g99aae51.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/prometheus@3.11.685-1.g99aae51.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le",
"product": {
"name": "openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le",
"product_id": "openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.685-1.gf2f435d.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le",
"product": {
"name": "openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le",
"product_id": "openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.685-1.g22be164.el7?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"product": {
"name": "atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"product_id": "atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.11.685-1.git.0.7faaeaa.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"product": {
"name": "atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"product_id": "atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-excluder@3.11.685-1.git.0.7faaeaa.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-0:2.319.3.1650348949-1.el7.noarch",
"product": {
"name": "jenkins-0:2.319.3.1650348949-1.el7.noarch",
"product_id": "jenkins-0:2.319.3.1650348949-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.319.3.1650348949-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:3.11.1650371376-1.el7.noarch",
"product": {
"name": "jenkins-2-plugins-0:3.11.1650371376-1.el7.noarch",
"product_id": "jenkins-2-plugins-0:3.11.1650371376-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@3.11.1650371376-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"product": {
"name": "openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"product_id": "openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible@3.11.685-1.git.0.a9090ac.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"product": {
"name": "openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"product_id": "openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-docs@3.11.685-1.git.0.a9090ac.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"product": {
"name": "openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"product_id": "openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-playbooks@3.11.685-1.git.0.a9090ac.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"product": {
"name": "openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"product_id": "openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-roles@3.11.685-1.git.0.a9090ac.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"product": {
"name": "openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"product_id": "openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-test@3.11.685-1.git.0.a9090ac.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch",
"product": {
"name": "openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch",
"product_id": "openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-kuryr-cni@3.11.685-1.g0c4bf66.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch",
"product": {
"name": "openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch",
"product_id": "openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-kuryr-common@3.11.685-1.g0c4bf66.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch",
"product": {
"name": "openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch",
"product_id": "openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-kuryr-controller@3.11.685-1.g0c4bf66.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch",
"product": {
"name": "python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch",
"product_id": "python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python2-kuryr-kubernetes@3.11.685-1.g0c4bf66.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le"
},
"product_reference": "atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src"
},
"product_reference": "atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64"
},
"product_reference": "atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le"
},
"product_reference": "atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64"
},
"product_reference": "atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le"
},
"product_reference": "atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src"
},
"product_reference": "atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64"
},
"product_reference": "atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le"
},
"product_reference": "atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le"
},
"product_reference": "atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src"
},
"product_reference": "atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64"
},
"product_reference": "atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le"
},
"product_reference": "atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src"
},
"product_reference": "atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64"
},
"product_reference": "atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch"
},
"product_reference": "atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src"
},
"product_reference": "atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64"
},
"product_reference": "atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch"
},
"product_reference": "atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le"
},
"product_reference": "atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64"
},
"product_reference": "atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le"
},
"product_reference": "atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64"
},
"product_reference": "atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le"
},
"product_reference": "atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64"
},
"product_reference": "atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le"
},
"product_reference": "atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src"
},
"product_reference": "atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64"
},
"product_reference": "atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le"
},
"product_reference": "atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64"
},
"product_reference": "atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le"
},
"product_reference": "atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src"
},
"product_reference": "atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64"
},
"product_reference": "atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le"
},
"product_reference": "atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64"
},
"product_reference": "atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le"
},
"product_reference": "atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64"
},
"product_reference": "atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le"
},
"product_reference": "atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src"
},
"product_reference": "atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64"
},
"product_reference": "atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le"
},
"product_reference": "atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64"
},
"product_reference": "atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le"
},
"product_reference": "atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64"
},
"product_reference": "atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le"
},
"product_reference": "atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src"
},
"product_reference": "atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64"
},
"product_reference": "atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le"
},
"product_reference": "golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src"
},
"product_reference": "golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64"
},
"product_reference": "golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src"
},
"product_reference": "golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src"
},
"product_reference": "golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src"
},
"product_reference": "golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.319.3.1650348949-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.noarch"
},
"product_reference": "jenkins-0:2.319.3.1650348949-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.319.3.1650348949-1.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.src"
},
"product_reference": "jenkins-0:2.319.3.1650348949-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:3.11.1650371376-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.noarch"
},
"product_reference": "jenkins-2-plugins-0:3.11.1650371376-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:3.11.1650371376-1.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.src"
},
"product_reference": "jenkins-2-plugins-0:3.11.1650371376-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch"
},
"product_reference": "openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src"
},
"product_reference": "openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch"
},
"product_reference": "openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch"
},
"product_reference": "openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch"
},
"product_reference": "openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch"
},
"product_reference": "openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le"
},
"product_reference": "openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src"
},
"product_reference": "openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64"
},
"product_reference": "openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le"
},
"product_reference": "openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src"
},
"product_reference": "openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64"
},
"product_reference": "openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src"
},
"product_reference": "openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch"
},
"product_reference": "openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch"
},
"product_reference": "openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch"
},
"product_reference": "openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-0:3.11.685-1.g99aae51.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.ppc64le"
},
"product_reference": "prometheus-0:3.11.685-1.g99aae51.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-0:3.11.685-1.g99aae51.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.x86_64"
},
"product_reference": "prometheus-0:3.11.685-1.g99aae51.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le"
},
"product_reference": "prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64"
},
"product_reference": "prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le"
},
"product_reference": "prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64"
},
"product_reference": "prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch"
},
"product_reference": "python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-43859",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-02-01T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64",
"7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2049783"
}
],
"notes": [
{
"category": "description",
"text": "XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. XStream 1.4.19 monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded. Users are advised to upgrade as soon as possible. Users unable to upgrade may set the NO_REFERENCE mode to prevent recursion. See GHSA-rmr5-cpv2-vgjf for further details on a workaround if an upgrade is not possible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xstream: Injecting highly recursive collections or maps can cause a DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this issue as having Moderate security impact and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.src"
],
"known_not_affected": [
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64",
"7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-43859"
},
{
"category": "external",
"summary": "RHBZ#2049783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2049783"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-43859",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43859"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43859",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43859"
}
],
"release_date": "2022-01-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-27T07:44:06+00:00",
"details": "For OpenShift Container Platform 3.11 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nDetails on how to access this content are available at https://docs.openshift.com/container-platform/3.11/updating/updating-cluster-cli.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/3.11/upgrading/index.html",
"product_ids": [
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1420"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64",
"7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "xstream: Injecting highly recursive collections or maps can cause a DoS"
},
{
"cve": "CVE-2022-25173",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2022-02-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64",
"7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2055733"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins. The Pipeline: Groovy Plugin uses the same checkout directories for distinct SCMs when reading the script file (typically Jenkinsfile) for Pipelines. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "workflow-cps: OS command execution through crafted SCM contents",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.src"
],
"known_not_affected": [
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64",
"7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25173"
},
{
"category": "external",
"summary": "RHBZ#2055733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055733"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25173",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25173"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25173",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25173"
}
],
"release_date": "2022-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-27T07:44:06+00:00",
"details": "For OpenShift Container Platform 3.11 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nDetails on how to access this content are available at https://docs.openshift.com/container-platform/3.11/updating/updating-cluster-cli.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/3.11/upgrading/index.html",
"product_ids": [
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1420"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64",
"7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "workflow-cps: OS command execution through crafted SCM contents"
},
{
"cve": "CVE-2022-25174",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2022-02-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64",
"7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2055734"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins. The Jenkins Pipeline: Shared Groovy Libraries uses the same checkout directories for distinct SCMs for Pipeline libraries. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents. This allows attackers to compromise confidentiality, integrity, and availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "workflow-cps-global-lib: OS command execution through crafted SCM contents",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.src"
],
"known_not_affected": [
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64",
"7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25174"
},
{
"category": "external",
"summary": "RHBZ#2055734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055734"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25174",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25174"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25174",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25174"
}
],
"release_date": "2022-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-27T07:44:06+00:00",
"details": "For OpenShift Container Platform 3.11 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nDetails on how to access this content are available at https://docs.openshift.com/container-platform/3.11/updating/updating-cluster-cli.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/3.11/upgrading/index.html",
"product_ids": [
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1420"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64",
"7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "workflow-cps-global-lib: OS command execution through crafted SCM contents"
},
{
"cve": "CVE-2022-25175",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2022-02-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64",
"7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2055719"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins. The Pipeline: Multibranch uses the same checkout directories for distinct SCMs for the readTrusted step. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents.This allows attackers to compromise confidentiality, integrity, and availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "workflow-multibranch: OS command execution through crafted SCM contents",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.src"
],
"known_not_affected": [
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64",
"7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25175"
},
{
"category": "external",
"summary": "RHBZ#2055719",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055719"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25175"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25175",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25175"
}
],
"release_date": "2022-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-27T07:44:06+00:00",
"details": "For OpenShift Container Platform 3.11 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nDetails on how to access this content are available at https://docs.openshift.com/container-platform/3.11/updating/updating-cluster-cli.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/3.11/upgrading/index.html",
"product_ids": [
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1420"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64",
"7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "workflow-multibranch: OS command execution through crafted SCM contents"
},
{
"cve": "CVE-2022-25176",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2022-02-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64",
"7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2055787"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins. The Pipeline: Groovy Plugin follows symbolic links to locations outside of the checkout directory for the configured SCM when reading the script file (typically Jenkinsfile) for Pipelines. This flaw allows attackers who can configure Pipelines to read arbitrary files on the Jenkins controller file system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "workflow-cps: Pipeline-related plugins follow symbolic links or do not limit path names",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.src"
],
"known_not_affected": [
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64",
"7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25176"
},
{
"category": "external",
"summary": "RHBZ#2055787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055787"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25176",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25176"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25176",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25176"
}
],
"release_date": "2022-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-27T07:44:06+00:00",
"details": "For OpenShift Container Platform 3.11 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nDetails on how to access this content are available at https://docs.openshift.com/container-platform/3.11/updating/updating-cluster-cli.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/3.11/upgrading/index.html",
"product_ids": [
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1420"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64",
"7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "workflow-cps: Pipeline-related plugins follow symbolic links or do not limit path names"
},
{
"cve": "CVE-2022-25177",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2022-02-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64",
"7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2055788"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries follows symbolic links to locations outside of the expected Pipeline library when reading files using the libraryResource step. This flaw allows attackers who can configure Pipelines to read arbitrary files on the Jenkins controller file system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "workflow-cps-global-lib: Pipeline-related plugins follow symbolic links or do not limit path names",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.src"
],
"known_not_affected": [
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64",
"7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25177"
},
{
"category": "external",
"summary": "RHBZ#2055788",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055788"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25177",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25177"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25177",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25177"
}
],
"release_date": "2022-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-27T07:44:06+00:00",
"details": "For OpenShift Container Platform 3.11 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nDetails on how to access this content are available at https://docs.openshift.com/container-platform/3.11/updating/updating-cluster-cli.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/3.11/upgrading/index.html",
"product_ids": [
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1420"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64",
"7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "workflow-cps-global-lib: Pipeline-related plugins follow symbolic links or do not limit path names"
},
{
"cve": "CVE-2022-25178",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2022-02-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64",
"7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2055789"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries does not restrict the names of resources passed to the libraryResource step. This flaw allows attackers who can configure Pipelines to read arbitrary files on the Jenkins controller file system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "workflow-cps-global-lib: Pipeline-related plugins follow symbolic links or do not limit path names",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.src"
],
"known_not_affected": [
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64",
"7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25178"
},
{
"category": "external",
"summary": "RHBZ#2055789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055789"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25178",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25178"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25178",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25178"
}
],
"release_date": "2022-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-27T07:44:06+00:00",
"details": "For OpenShift Container Platform 3.11 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nDetails on how to access this content are available at https://docs.openshift.com/container-platform/3.11/updating/updating-cluster-cli.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/3.11/upgrading/index.html",
"product_ids": [
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1420"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64",
"7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "workflow-cps-global-lib: Pipeline-related plugins follow symbolic links or do not limit path names"
},
{
"cve": "CVE-2022-25179",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2022-02-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64",
"7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2055792"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins. The Pipeline: Multibranch follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step. This flaw allows attackers that can configure Pipelines, to read arbitrary files on the Jenkins controller file system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "workflow-multibranch: Pipeline-related plugins follow symbolic links or do not limit path names",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.src"
],
"known_not_affected": [
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64",
"7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25179"
},
{
"category": "external",
"summary": "RHBZ#2055792",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055792"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25179",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25179"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25179",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25179"
}
],
"release_date": "2022-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-27T07:44:06+00:00",
"details": "For OpenShift Container Platform 3.11 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nDetails on how to access this content are available at https://docs.openshift.com/container-platform/3.11/updating/updating-cluster-cli.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/3.11/upgrading/index.html",
"product_ids": [
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1420"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64",
"7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "workflow-multibranch: Pipeline-related plugins follow symbolic links or do not limit path names"
},
{
"cve": "CVE-2022-25180",
"cwe": {
"id": "CWE-522",
"name": "Insufficiently Protected Credentials"
},
"discovery_date": "2022-02-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64",
"7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2055795"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins. The Pipeline: Groovy Plugin includes password parameters from the original build in replayed builds. This flaw allows attackers with run/replay permission to obtain the values of password parameters passed to previous builds of a Pipeline.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "workflow-cps: Password parameters are included from the original build in replayed builds",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.src"
],
"known_not_affected": [
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64",
"7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25180"
},
{
"category": "external",
"summary": "RHBZ#2055795",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055795"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25180",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25180"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25180",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25180"
}
],
"release_date": "2022-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-27T07:44:06+00:00",
"details": "For OpenShift Container Platform 3.11 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nDetails on how to access this content are available at https://docs.openshift.com/container-platform/3.11/updating/updating-cluster-cli.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/3.11/upgrading/index.html",
"product_ids": [
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1420"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64",
"7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "workflow-cps: Password parameters are included from the original build in replayed builds"
},
{
"cve": "CVE-2022-25181",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2022-02-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64",
"7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2055797"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries Plugin uses the same workspace directory for all checkouts of Pipeline libraries with the same name, regardless of the SCM used and the source of the library configuration. This flaw allows attackers with item/configure permission to execute arbitrary code in the context of the Jenkins controller JVM through crafted SCM contents if a global Pipeline library already exists.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "workflow-cps-global-lib: Sandbox bypass vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.src"
],
"known_not_affected": [
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64",
"7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25181"
},
{
"category": "external",
"summary": "RHBZ#2055797",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055797"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25181",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25181"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25181",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25181"
}
],
"release_date": "2022-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-27T07:44:06+00:00",
"details": "For OpenShift Container Platform 3.11 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nDetails on how to access this content are available at https://docs.openshift.com/container-platform/3.11/updating/updating-cluster-cli.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/3.11/upgrading/index.html",
"product_ids": [
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1420"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64",
"7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "workflow-cps-global-lib: Sandbox bypass vulnerability"
},
{
"cve": "CVE-2022-25182",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2022-02-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64",
"7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2055798"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries Plugin uses the names of Pipeline libraries to create directories without canonicalization or sanitization. This flaw allows attackers with item/configure permission to execute arbitrary code in the context of the Jenkins controller JVM, using specially crafted library names if a global Pipeline library is already configured.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "workflow-cps-global-lib: Sandbox bypass vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.src"
],
"known_not_affected": [
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64",
"7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25182"
},
{
"category": "external",
"summary": "RHBZ#2055798",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055798"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25182",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25182"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25182",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25182"
}
],
"release_date": "2022-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-27T07:44:06+00:00",
"details": "For OpenShift Container Platform 3.11 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nDetails on how to access this content are available at https://docs.openshift.com/container-platform/3.11/updating/updating-cluster-cli.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/3.11/upgrading/index.html",
"product_ids": [
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1420"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64",
"7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "workflow-cps-global-lib: Sandbox bypass vulnerability"
},
{
"cve": "CVE-2022-25183",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2022-02-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64",
"7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2055802"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries plugin uses the names of Pipeline libraries to create cache directories without any sanitization. This flaw allows attackers with item/configure permission to execute arbitrary code in the context of the Jenkins controller JVM, using specially crafted library names if a global Pipeline library configured to use caching already exists.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "workflow-cps-global-lib: Sandbox bypass vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.src"
],
"known_not_affected": [
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64",
"7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25183"
},
{
"category": "external",
"summary": "RHBZ#2055802",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055802"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25183",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25183"
}
],
"release_date": "2022-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-27T07:44:06+00:00",
"details": "For OpenShift Container Platform 3.11 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nDetails on how to access this content are available at https://docs.openshift.com/container-platform/3.11/updating/updating-cluster-cli.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/3.11/upgrading/index.html",
"product_ids": [
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1420"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64",
"7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "workflow-cps-global-lib: Sandbox bypass vulnerability"
},
{
"cve": "CVE-2022-25184",
"cwe": {
"id": "CWE-359",
"name": "Exposure of Private Personal Information to an Unauthorized Actor"
},
"discovery_date": "2022-02-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64",
"7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2055804"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins pipeline-build-step where it revealed password parameter default values when generating a pipeline script using the Pipeline snippet generator. This flaw allows attackers with item/read permission to retrieve the default password parameter value from jobs and compromises confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pipeline-build-step: Password parameter default values exposed",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.src"
],
"known_not_affected": [
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64",
"7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25184"
},
{
"category": "external",
"summary": "RHBZ#2055804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055804"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25184",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25184"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25184",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25184"
}
],
"release_date": "2022-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-27T07:44:06+00:00",
"details": "For OpenShift Container Platform 3.11 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nDetails on how to access this content are available at https://docs.openshift.com/container-platform/3.11/updating/updating-cluster-cli.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/3.11/upgrading/index.html",
"product_ids": [
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1420"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.685-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.685-1.g99b2acf.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.685-1.gd435537.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.685-1.g3571208.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.685-1.git.0.7faaeaa.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.685-1.gf8bf728.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.685-1.gc8f26da.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.685-1.g39cfc66.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.685-1.git.0.7faaeaa.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.685-1.gd742e61.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.685-1.gedebe84.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.685-1.g13de638.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.685-1.g609cd20.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.685-1.g99aae51.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-0:2.319.3.1650348949-1.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650371376-1.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.685-1.git.0.a9090ac.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.685-1.git.0.a9090ac.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.685-1.gf2f435d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.685-1.g22be164.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.685-1.g0c4bf66.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.685-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.685-1.g99aae51.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.685-1.g13de638.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.685-1.g609cd20.el7.x86_64",
"7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.685-1.g0c4bf66.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "pipeline-build-step: Password parameter default values exposed"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.